How to configure SSO for HLLAPI applications and IBM mainframes

Evidian Enterprise SSO

HLLAPI (High Level Language Application Program Interface) is an IBM API that allows a PC application to communicate with an IBM mainframe. HLLAPI requires the PC to run 3270 emulation software and defines an interface between a PC application and that emulation software.

The Enterprise SSO studio allows you to choose predefined scripts depending on your Windows.

When onboarding an HLLAPI login screen, choose the appropriate script by selecting “HLLAPI plugin”.

To enable the SSO engine to detect the HLLAPI login screen, you may need to add the following registry values:

  • HllLibrary - DLL file that must be used by the HLLAPI plug-in.
  • HllEntryPoint - Name of the HLLAPI function in the DLL file.
  • HLLAPI-32bit - Specifies that the HLLAPI application is a 32-bit application.
  • IgnoreWindowsHandle - Allows Enterprise SSO to support HLLAPI libraries that cannot return the Windows handle properly.
  • UseTitleInDetection - Allows the Enterprise SSO engine to detect the title of the HLLAPI application.

Configuring the HLLAPI Plug-in

If the default configuration parameters used to implement the HLLAPI plug-in are not working with your HLLAPI application, or if you want to configure Single Sign-On for different types of HLLAPI applications installed on the same workstation, you must modify keys and values in the Windows Registry to fit your requirements.

  • Modifying the Windows Registry may damage your Windows system. It is strongly recommended that you be familiar with the Registry Editor before modifying keys and values.
  • When you install a 32-bit application on a 64-bit workstation, the path is as follows: HKEY_LOCAL_MACHINE\SOFTWARE\wow6432Node\Enatel

If the EnableMultiEmulator key is set to 1, the registry keys listed in this section that are located directly under HKLM\SOFTWARE\Enatel\SSOWatch\HllAPI are ignored.

Value name: EnableMultiEmulator
Description: Enables/disables the management of different types of HLLAPI applications on the same workstation.
Type: REG_DWORD
Value data:
  • 0: disabled.
  • 1: enabled.
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Enatel\SSOWatch\HllAPI

Value name: HllLibrary
Description: DLL file that must be used by the HLLAPI plug-in.
IMPORTANT: If the EnableMultiEmulator key is set to 1, this value must be set (no default value allowed).
Type: REG_SZ
Value data: Pathname of the .DLL file. Default value: PCSHLL32.dll
Location:
  • Single application: HKEY_LOCAL_MACHINE\SOFTWARE\Enatel\SSOWatch\HllAPI
  • Multi applications: HKEY_LOCAL_MACHINE\SOFTWARE\Enatel\SSOWatch\HllAPI\<App. Name>, where <App. Name> is the name of the HLLAPI application.

Value name: HllEntryPoint
Description: Name of the HLLAPI function in the DLL file.
IMPORTANT: If the EnableMultiEmulator key is set to 1, this value must be set (no default value allowed).
Type: REG_SZ
Value data: Default value: hllapi
Location:
  • Single application: HKEY_LOCAL_MACHINE\SOFTWARE\Enatel\SSOWatch\HllAPI
  • Multi applications: HKEY_LOCAL_MACHINE\SOFTWARE\Enatel\SSOWatch\HllAPI\<App. Name>, where <App. Name> is the name of the HLLAPI application.

Value name: HLLAPI-32bit
Description: Specifies that the HLLAPI application is a 32-bit application.
IMPORTANT: If the EnableMultiEmulator key is set to 1, this value must be set (no default value allowed).
Type: REG_DWORD
Value data:
  • 1 (default): 32-bit application
  • 0: 16-bit application
Location:
  • Single application: HKEY_LOCAL_MACHINE\SOFTWARE\Enatel\SSOWatch\HllAPI
  • Multi applications: HKEY_LOCAL_MACHINE\SOFTWARE\Enatel\SSOWatch\HllAPI\<App. Name>, where <App. Name> is the name of the HLLAPI application.

Value name: IgnoreWindowsHandle
Description: Allows Enterprise SSO to support HLLAPI libraries that cannot return the Windows handle properly.
Type: REG_DWORD
Value data:
  • 1: enabled.
  • 0 (default): disabled.
Location:
  • Single application: HKEY_LOCAL_MACHINE\SOFTWARE\Enatel\SSOWatch\HllAPI
  • Multi applications: HKEY_LOCAL_MACHINE\SOFTWARE\Enatel\SSOWatch\HllAPI\<App. Name>, where <App. Name> is the name of the HLLAPI application.

Value name: UseTitleInDetection
Description: Allows the Enterprise SSO engine to detect the title of the HLLAPI application.
Type: REG_DWORD
Value data:
  • 1 (default): enabled (displays the Title check button in the Detection tab. For more details, see Section 9.2.1, "The Detection Tab").
  • 0: disabled.
Location:
  • Single application: HKEY_LOCAL_MACHINE\SOFTWARE\Enatel\SSOWatch\HllAPI
  • Multi applications: HKEY_LOCAL_MACHINE\SOFTWARE\Enatel\SSOWatch\HllAPI\<App. Name>, where <App. Name> is the name of the HLLAPI application.
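
The following read-only PowerShell audit is an added example, not part of the Evidian documentation or product. It reports the effective HLLAPI plug-in settings and flags the two conditions described above: values under HllAPI that are ignored in multi-emulator mode, and per-application keys missing a value that has no default in that mode. The 32-bit path is assumed to follow the wow6432Node prefix given above.

```powershell
# Added example (not Evidian's code): audit the HLLAPI plug-in registry values listed above.
# Assumption: the 32-bit view mirrors the native path under SOFTWARE\WOW6432Node\Enatel.
$roots = @(
    'HKLM:\SOFTWARE\Enatel\SSOWatch\HllAPI',
    'HKLM:\SOFTWARE\WOW6432Node\Enatel\SSOWatch\HllAPI'
)
$required = 'HllLibrary', 'HllEntryPoint', 'HLLAPI-32bit'   # no default when EnableMultiEmulator = 1
$defaults = [ordered]@{ HllLibrary = 'PCSHLL32.dll'; HllEntryPoint = 'hllapi'; 'HLLAPI-32bit' = 1
                        IgnoreWindowsHandle = 0; UseTitleInDetection = 1 }

function Get-HllValue([string]$Path, [string]$Name) {
    # Returns $null when the value is absent instead of throwing.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    $multi = (Get-HllValue $root 'EnableMultiEmulator') -eq 1
    Write-Output "[$root] EnableMultiEmulator = $([int]$multi)"
    if ($multi) {
        # Values directly under HllAPI are ignored; only the <App. Name> subkeys count.
        foreach ($name in $defaults.Keys) {
            if ($null -ne (Get-HllValue $root $name)) {
                Write-Warning "$name directly under $root is ignored in multi-emulator mode"
            }
        }
        $targets = @(Get-ChildItem -Path $root | ForEach-Object { $_.PSPath })
    } else {
        $targets = @($root)
    }
    foreach ($key in $targets) {
        foreach ($name in $defaults.Keys) {
            $value = Get-HllValue $key $name
            if ($null -eq $value) {
                if ($multi -and $required -contains $name) {
                    Write-Warning "$key : $name is missing (must be set in multi-emulator mode)"
                    continue
                }
                $value = "$($defaults[$name]) (default)"
            }
            Write-Output "  $key : $name = $value"
        }
    }
}
```

Run it from a 64-bit PowerShell session so that both registry views are visible.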

Enabling SSO for HLLAPI Applications

To enable SSO for HLLAPI applications, you must declare the application in the Enterprise SSO configuration and define the window types that must be detected by Enterprise SSO, as described in the following procedure.

Before starting, your emulation software must be configured to establish connections through HLLAPI. Also check that the global configuration parameters used to implement the HLLAPI plug-in are correctly set.

  1. In Enterprise SSO Studio, create a new Application.

The Application object appears under the Applications node.

  2. Right-click the Application object and select New Window.

The Window Properties window appears.

  3. Fill in the General tab with the following guideline: in the Window Type drop-down list, define one of the following screens:

- HLLAPI Login: login screen of the HLLAPI application.

- HLLAPI Bad Password: screen indicating a wrong password/username.

- HLLAPI New Password: screen requesting a new password (this screen can be a specific screen or the login screen. Not available in Access Collector mode).

- HLLAPI Standard: screen that does not need any authentication data (not available in Access Collector mode).

- HLLAPI Confirm Password: new password confirmation screen (not available in Access Collector mode).

- HLLAPI Bad New Password: screen indicating that the new password is not correct (not available in Access Collector mode).

  4. If necessary, fill in the Options tab.

If you are defining an HLLAPI New Password screen, and if the new password must be provided in the login screen, then select Use Manual SSO State Conditions, click Configure and select SSO has been done.

Password has expired and must be changed.

  5. Fill in the Detection tab.
  6. Fill in the Actions tab.
  7. Click the OK button.

The Window object appears under the Application object.

  8. To define other HLLAPI window types, restart from Step 2.
