[PAM] Demonstration of Transparent Login Agent Script when CONTROL is not detected

book

Article ID: 196698

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Transparent Login Agent is able to detect the CONTROL objects (such as the input field, buttons and etc) only when the software is using Microsoft Standard Graphics Class.

As more and more softwares are using custom classes Learn Tool is unable to find the username, password, hostname and submit button controls.

This KB article is to demonstrate how customers can write their Transparent Login Agent Script even when the controls are not detected.

This does not mean Broadcom takes responsibility for the demonstrated script. It is only for demonstration and knowledge sharing purpose.

If you need help writing Transparent Login Agent Script, please contact your Broadcom Account Manager to involve Services Team.

Cause

In this demonstration, Check Point Smart Console 80.40 will be used as the controls are not recognized by Learn Tool.

In the following image, [Window] elements are recognized.

In the following image, [Control] elements are not recognized. As a result, you will not be able to mark which control element is for username and which one is for hostname.

Environment

Release : 3.x

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

Althogh the [Control] side is not recognized, you can always send key combinations such as [TAB] and [ENTER] or [SPACE] to submit actions.

From observation, Smart Console requires some time after launch to display the username input field.

When writing Transparent Login Agent Script you always need to be cautious as there is a risk of exposing password in clear-text.

In that case you can take a screenshot on a portion of the screen that confirms user input fields are ready.

Following image shows part of Username input field which would only appear when it is ready to accept input.

The screenshot gets added to the script as <checkimg content=xxxx> and this will pause the script until the matching screen appears on screen.

 

And from observation, the key input focus was already at the Username field.

So you just need to submit the [Username], [TAB], [Password], [TAB], [Host], [TAB], [TAB], [TAB] and finally the focus is on the "LOGIN" button and you can click on it by pressing [SPACE].

 

Now you have all the information you need to complete the Transparent Login Agent Script.

Following is a sample. Just for security purpose I added a 3 seconds delay before the script starts populating the credentials.

<window id="">
  <checkimg content="iVBORw0KGgoAAAANSUhEUgAAAHgAAACUCAMAAABvPB0ZAAABOFBMVEUXHyz39/fS1dn////Z2dm1tbXv7++AgIA5OTns7Oy/v79DQ0MzMzOZmZn8/PzPz8+Dg4PS0tJQUFBZWVm5ubm8vLyysrL5+fk2Njbf39/MzMycnJyfn59jY2OQkJBNTU1AQEDi4uLJyclWVlasrKxJSUmpqal9gYmBhYxtbW3CwsJgYGCvr695foX7+/xjaXKJiYk9PT319fWGhoaZnaLV1dV5eXlmZmZwcHDy8vKWlpZdXV3T1deIjJNOVF40O0ZKUFrIys34+PgbIy9uc3vw8fLX2Ns7Qk0wOEMpMT3t7e5gZW6VmZ+oq7AiKja9wMOztblrcHhGTVc/RlDW2NzGyc/p6uyLj5XNz9Tz8/Xf4ORnbHU4P0rMztG6vMCgpKkmLTne3+G2ub2vsrbp6useJjNDSVSkp6yybwXdAAAC7ElEQVR4Ae3V+3fSMBQH8GpwTAibG3ObjyHotqIy0A2d0zm24fABzldbaH2/////wKYNJaWtO4clFzne7y9pOG0/zc2l1WJyBiIII4wwwggjjDDC/zp8VkomCyanDsIII3wynDo3FngqPX1+HHAmS3PwpZ6ZTVNKL+TmgOHMPOXJL0DCF6mQRTh4KSvCy5fA4MuiS+kVMPhqGF4Bgwth+BoYnA7DxXHBFAguXR+GMzMg8PzyjSGYroLANJocwkrgNVochtfDZ+jBfcsy4Zt0ZRi+ReJlXeqKS4XZMHu7EinuhnfXDbmldhP6OtGoS6o196a1qnT4juje3SSxcuBKhFMivBXbydV6VXZXs+QF+B45KRLhzMC9TyBhEvyjtmdg4aCvHxBQeCqo9BokvDNXGOzxdnq9BAKnHs5HPhKPVjcVw0uVfMzHib1FtkoK4Z1cNp5lWU6XVMGZYjLLMr2gCK783aU0pwhe/O/gkYMwwghzWEYmCZYYhBFGGGGEEZ50WM732MvEwERWEEYYYYTHCO8+3ms09vUDYPiw3ORXPTmChFtPB5c9O4CDDwVX056/AIPL/lLbtYZ3UIOCW2x/m52qe/jymF35Cgius7M7/vFrdqwDwW9Ynat88tad7AHB79yT2/2J7k6Oo4BherGkwuzkbn/SZbMo3PNh0wCGbdNkgxNZs2rYMnu84oYsuPX+Q/TSRvtj+P6O6YQe4PTwp2bcpW4+D/WWX2KLr9jp99qo8NGXBFdrfhVh07SFlVu808zRV/wtydW0erS32Gh7rrduVvZR4W4y3A31lsELzEbe2t6PimG+pb7rBPtsKYf568Pv6B7fb4ONiuF+b/GJsO9qYTv07+UTxxvVwlbofeWv2G1tRzls8PdWf8Md71lYbzlq4Z64xbzFLe9HQy3M20mUbf9pbMVdnZxR4e/JcEcp/ONnIryrFCb1JFcnamHybT9m0c1fv4lq+JRBGGGExwZLy4TAEoMwwghLyx+7T+ONjZX+vQAAAABJRU5ErkJggg=="/>
  <sleep time="3000"/>
  <send username="true" id="window"/>
  <send text="{TAB}" id="window"/>
  <send password="true" id="window"/>
  <send text="{TAB}" id="window"/>
  <send host="true" id="window"/>
  <send text="{TAB}" id="window"/>
  <send text="{TAB}" id="window"/>
  <send text="{TAB}" id="window"/>
  <send text="{SPACE}" id="window"/>
</window>

CheckPoint-SmartConsole-8040.gif has been attached demonstrating the script in action.

Attachments

1596715316067__CheckPoint-SmartConsole-8040.gif get_app