Configuring Enterprise SSO to onboard a green screen application with HLLAPI

The HLLAPI (High Level Language Application Program Interface) is an IBM API that allows a PC application to communicate with a mainframe computer. HLLAPI requires a PC to run a 3270 emulation software and then defines an interface between a PC application and the emulation software.

The enterprise SSO studio allows you to choose predefined scripts depending on your Window.

When onboarding an HLLAPI login screen, choose the appropriate script by choosing “HLLAPI plugin”.

To enable the SSO to detect the HLLAPI login screen: adding registry keys might be necessary:

HllLibrary - DLL file that must be used by the HLLAPI plug-in.

HllEntryPoint - Name of the HLLAPI function in the DLL file.

HLLAPI-32bit - Specifies that the HLLAPI application is a 32-bit application.

IgnoreWindowsHandle  - Allows Enterprise SSO to support HLLAPI libraries which are not able to return Windows handle properly.

UseTitleInDetection - Allows the Enterprise SSO engine to detect the title of the HLLAPI application.

Configuring the HLLAPI Plug-in

If the default configuration parameters used to implement the HLLAPI plug-in are not working with your HLLAPI application, or if you want to configure Single Sign-On for different types of HLLAPI applications installed on the same workstation, you must modify keys and values in the Windows Registry to fit your requirements.

  • Modifying the Windows Registry may damage your Windows system. It is strongly recommended to be accommodated with the Registry Editor to modify keys and values.
  • When you install a 32 bit application on a 64 bit workstation, the path is as follows: HKEY_LOCAL_MACHINE\SOFTWARE\wow6432Node\Enatel

If the EnableMultiEmulator key is set to the registry keys listed in this section that are located directly under HKLM\SOFTWARE\Enatel\SSOWatch\HllAPI are ignored.

Value nameEnableMultiEmulator
DescriptionEnables/disables the management of different types of HLLAPI applications on the same workstation.
TypeREG_DWORD
Value data0: disabled.

1: enabled.

LocationHKEY_LOCAL_MACHINE\SOFTWARE\Enatel\SSOWatch\HllAPI
Value nameHllLibrary
DescriptionDLL file that must be used by the HLLAPI plug-in.

IMPORTANT: if the EnableMultiEmulator key is set to 1, this value must be set (no default value allowed).

TypeREG_SZ
Value dataPathname of the .DLL file.

Default value: PCSHLL32.dll

Location• Single application: HKEY_LOCAL_MACHINE\SOFTWARE\Enatel\SSOWatch\HllAPI

• Multi applications: HKEY_LOCAL_MACHINE\SOFTWARE\Enatel\SSOWatch\HllAPI\<App. Name>, where <App. Name> is the name of the HLLAPI application.

Value nameHllEntryPoint
DescriptionName of the HLLAPI function in the DLL file.

IMPORTANT: If the EnableMultiEmulator key is set to 1, this value must be set (no default value allowed).

TypeREG_SZ
Value dataDefault value: hllapi
Location• Single application: HKEY_LOCAL_MACHINE\SOFTWARE\Enatel\SSOWatch\HllAPI

• Multi applications: HKEY_LOCAL_MACHINE\SOFTWARE\Enatel\SSOWatch\HllAPI\<App. Name>, where <App. Name> is the name of the HLLAPI application.

Value nameHLLAPI-32bit
DescriptionSpecifies that the HLLAPI application is a 32-bit application.

IMPORTANT: If the EnableMultiEmulator key is set to 1, this value must be set (no default value allowed).

TypeREG_DWORD
Value data1 (default): 32-bit application

0: 16-bit application

Location• Single application: HKEY_LOCAL_MACHINE\SOFTWARE\Enatel\SSOWatch\HllAPI

• Multi applications: HKEY_LOCAL_MACHINE\SOFTWARE\Enatel\SSOWatch\HllAPI\<App. Name>, where <App. Name> is the name of the HLLAPI application.

Value nameIgnoreWindowsHandle
DescriptionAllows Enterprise SSO to support HLLAPI libraries which are not able to return Windows handle properly.
TypeREG_DWORD
Value data1: enabled.

0 (default): disabled.

Location• Single application: HKEY_LOCAL_MACHINE\SOFTWARE\Enatel\SSOWatch\HllAPI

• Multi applications: HKEY_LOCAL_MACHINE\SOFTWARE\Enatel\SSOWatch\HllAPI\<App. Name>, where <App. Name> is the name of the HLLAPI application.

Value nameUseTitleInDetection
DescriptionAllows the Enterprise SSO engine to detect the title of the HLLAPI application.
TypeREG_DWORD
Value data1 (default): enabled (displays the Title check button in the Detection tab. For more details, see Section 9.2.1, "The Detection Tab").

0: disabled.

Location• Single application: HKEY_LOCAL_MACHINE\SOFTWARE\Enatel\SSOWatch\HllAPI

• Multi applications: HKEY_LOCAL_MACHINE\SOFTWARE\Enatel\SSOWatch\HllAPI\<App. Name>, where <App. Name> is the name of the HLLAPI application.

Enabling SSO for HLLAPI Applications

To enable SSO for HLLAPI applications, you must declare the application in the Enterprise SSO configuration and define the window types that must be detected by Enterprise SSO, as described in the following procedure.

Before starting, your emulation software must be configured to establish connections through HLLAPI. Moreover check that the global configuration parameters used to implement the HLLAPI plug-in are correctly set.

  1. In Enterprise SSO Studio, create a new Application.

The Application object appears under the Applications node.

  1. Right-click the Application object and select New Window.

The Window Properties window appears.

  1. Fill-in the General tab with the following guideline: in the Window Type drop down list, define one of the following screens:

- HLLAPI Login: login screen of the HLLAPI application.

- HLLAPI Bad Password: screen indicating a wrong password/username.

HLLAPI New Password: screen requesting a new password (this screen can be a specific screen or the login screen. Not available in Access Collector mode).

- HLLAPI Standard: screen that does not need any authentication data (not available in Access Collector mode).

- HLLAPI Confirm Password: new password confirmation screen (not available in Access Collector mode).

- HLLAPI Bad New Password: screen indicating that the new password in not correct (not available in Access Collector mode).

  1. If necessary, fill-in the Options tab.

If you are defining an HLLAPI New Password screen, and if the new password must be provided in the login screen, then select Use Manual SSO State Conditions, click Configure and select SSO has been done.

Password has expired and must be changed.

  1. Fill-in the Detection tab
  2. Fill-in the Actions tab
  3. Click the OK button.

The Window object appears under the Application object.

  1. To define other HLLAPI window types, restart from Step 2.