Skip to main content

Website access disclosure plugins

Secure browser plugin: securebrowser

The securebrowser access disclosure plugin provides users with brokered access to a website without the need to enter the administrative credentials for the managed account and is compatible with session recording.

This requires installation of the Secure Browser app.

The securebrowser plugin is primarily used in conjunction with team management .

You can modify the following default attributes to control the behavior of securebrowser :

  • configuration_file The configuration file in JSON format.

  • webappjson_create If enabled, the user checking out the managed account can upload their own website applications. This is disabled by default.

  • webappjson_search By default, the user checking out the managed account has the ability to search and select a desired website application.

Collecting logs when the secure browser disclosure has issues

The secure browser extension uses a different technology to the native plugins and doesn't provide logging data to the logutil tool that is normally used for troubleshooting.

You can instead compare server logs for a successful attempt with those for a failed attempt, and try to identify the difference.

  1. Determine a way to get all user HTTP calls to the same server for testing.

  2. Increase logging to only the smonotu binary to Verbose (in the util\ directory on the server being contacted):

    psdebug -prog smonotu -level 99

  3. Rotate the log:

    ..\service\idmlogsvc -trace-restart

  4. Perform a successful disclosure for a user whose access works.

  5. Check idmsuite.log to ensure that smonotu logs at Verbose level (search for a line that contains both "smonotu.exe" and "Verbose"

    • If you find it, rename that log to idmsuite-success.log.

    • If not, verify the psdebug command was run in an administrative command prompt.

  6. Rotate the log again.

  7. Perform an unsuccessful disclosure for a user whose access doesn't work.

    If you can't get the issue to reproduce, it may be that the load balancer causes it, by not providing sticky sessions and sending disclosure HTTP requests to different servers.

  8. If the issue is reproduced, verify there are smonotu log entries, and if so, rename the log to idmsuite-failed.log.

  9. Remove the verbose logging:

    psdebug -prog smonotu -remove

  10. Zip up the two log files and send the resulting archive to Bravura Security Support.

Web app privileged sign-on: pswxwebapp

The pswxwebapp access disclosure plugin provides users brokered access to a website without the need to enter the administrative credentials for the managed account.

This is compatible with desktop Chrome browsers and requires installation of the Bravura Security browser extension.

The pswxwebapp plugin is primarily used in conjunction with Team Management.

You can modify the following default attributes to control the behavior of pswxwebapp :

  • configuration_file The configuration file in JSON format.

  • webappjson_create If enabled, the user checking out the managed account can upload their own website applications. This is disabled by default.

  • webappjson_search By default, the user checking out the managed account has the ability to search and select a desired website application.

Note

The logutil utility cannot capture pswxwebapp plugin activity.

In this section: