Auto Logging into RDP Remote Applications
To allow Kron PAM to log in to certain applications automatically, you must configure the corresponding credentials first. Application credentials are invisible to users when they access a device and an application on that device; however, Kron PAM logs all sessions.
There are three different methods for auto-login:
Optical Character Recognition is the data extraction from printed or written text from a scanned document or image file and then converting the text into a machine-readable form to be used for data processing like editing or searching. Based on OCR technology, Kron PAM extracts texts from the computer screen and processes/uses them for auto-login.
To configure OCR:
- Navigate to Device Management > Device Group
- Right-click the device group you want to edit and select Allow Remote Application
- Check both the Allow and Auto Login options and click the Set Auto Login Properties button
- In the Auto Login Parameters window, select Use OCR and then configure accordingly as shown in the image below.
Note on OCR Text and Key Templates
You must enter the OCR text and Key template specifically to the application as these configurations are different for every application.
OCR Text | Text to recognize if the login page has loaded successfully. OCR scans the screen and looks for this text. When it finds it, it starts to enter the Key Template. |
|---|---|
Key Template | Login key template to insert username and password. Consists of key and character combinations. The special keys are written consecutively in “[Tab], [Enter],” etc., format. The Username and Password are sent with ${username} and ${password} placeholders. A standby time can be set in milliseconds and added to the key template in a regular format. For example, if [wait-3000] is added to the key template, it means “wait for 3 seconds” before executing the next key. |
Special keys should be written in the following format:
[Alt] | [F10] | [F8] | [Print] |
|---|---|---|---|
[Begin] | [F11] | [F9] | [Right] |
[Break] | [F12] | [Home] | [Scroll_Lock] |
[Ctrl] | [F2] | [Insert] | [Shift] |
[Delete] | [F3] | [Left] | [Shift_Lock] |
[Down] | [F4] | [Num_Lock] | [Tab] |
[End] | [F5] | [Page_Down] | [Up] |
[Escape] | [F6] | [Page_Up] |
|
[F1] | [F7] | [Pause] |
|
Allow Assigned Credentials | Allows assigned credentials for the current user to be selected in the user selection at the beginning of the session. If enabled, SAPM configuration needs to be in place for the user. |
|---|---|
Allow Session User
| Allows the current Kron PAM user to be selected from the user options at the start of the session. This can be used for LDAP connections for applications, if LDAP is integrated with Kron PAM and the application, or if the same username and password are used for Kron PAM and the application. |
Username
| Username to log in to the application with
|
Password
| Password to log in to the application with |
Timeout | The time window to detect the login page |
Device IP | The IP address of the remote application |
The command-line argument is a kind of parameter supplied to the program when it is invoked. Some applications can receive/take parameters from the command line. These kinds of applications are configurable with the appropriate parameters in Kron PAM. To start, call these applications with parameters. Kron PAM executes these kinds of applications with preconfigured parameters through the RDP protocol. Hence all the information, including the sensitive data, is transmitted into the RDP protocol securely.
To configure the Parametric Solution:
- Navigate to Device Management > Device Group
- Right-click the device group you want to edit and select Allow Remote Application
- Check both the Allow and Auto Login options and click the Set Auto Login Properties button
- In the Auto Login Parameters window, select Use Parameters and then configure accordingly as shown in the image below
The figure above shows that the WinSCP application receives parameters such as username, password, and device IP. This syntax is specific to the WinSCP application. Other applications can have similar syntaxes, so we can pass parameters to applications and fill the necessary fields as we do in the OCR section. OCR and Parametric Solution use a common screen, and the configurations are the same.
Sometimes applications do not receive/take parameters, so we cannot use Parametric Solution, or OCR does not recognize the application for auto-login. Such cases can be handled via Automation Scripts. These kinds of automation scripts are written specifically for applications and combined with a parametric solution.
First, we must identify whether the scripting language is applicable to the application. To do so, we need to install an applet on the server. Then we need to analyze the application to identify which parameters (such as user, password, device IP) should be sent based on the application screen and cursor location and then write a script accordingly. Kron PAM Engineers write these scripts.
