
TCP, Telnet, HTTP, or HTTPS Access

Connector name

agttelnet

Connector type

Executable with PSLang script

Type (UI field value)

Telnet target system

Target system versions supported / tested

Systems that users log into with a:

  • Terminal emulator (raw TCP socket; Telnet, using VT100, TN3270, or TN5250 terminal emulation)

  • Web browser (HTTP, including HTTP authentication and cookies; HTTP with SSL)

Connector status / support

Bravura Security-Verified

This connector has been tested and is fully supported by Bravura Security.

 

Connector name

agttelnet-openssl

Connector type

Executable with PSLang script

Type (UI field value)

Telnet target system

Connector status / support

Customer-Verified

Clients may contact Bravura Security support for assistance with this connector. Troubleshooting and testing must be completed in the client's test environment as Bravura Security does not maintain internal test environments for the associated target system.

Installation / setup

The agttelnet-openssl.exe Customer-Verified connector provides supplemental support for OpenSSL 3.0.x. Installation of this connector will replace any previously existing Telnet target system used by agttelnet.exe.

You also need to locate the OpenSSL 3.0.x dependencies libcrypto-3-x64.dll and libssl-3-x64.dll and ensure that they are in a directory on the system PATH, such as the Windows System32 directory. Also ensure that they are up to date and have no known security vulnerabilities.

Upgrade notes

The agttelnet-openssl connector was added in Connector Pack 4.7.

Preparation

Configuring a target system administrator

In most cases, Bravura Security Fabric uses a designated account (for example, psadmin) on the target system to perform operations.

Ensure that the designated account can log into the application from the Bravura Security Fabric server, and that the account has the necessary privileges to set passwords and manage accounts.

Ensure that you set and note the account’s password. You will be required to enter the login ID and password when you add the target system to Bravura Security Fabric.

Writing a script

Account management operations are implemented using a PSLang script that defines the interaction between Bravura Security Fabric and the target application. The connector reads a script file with one or more functions defined in it. The connector refers to the functions that you implement in the script by name and executes the appropriate function for each agent operation.

Custom scripts must be added to the <Program Files path>\Bravura Security\Bravura Security Fabric\<instance>\script\ directory. Official, shipped scripts are included in the agent directory, and use a scripted platform definition file (.con) to call one of the binary agents. The official scripts are designed to work "out of the box", but can be modified to suit your requirements.

See more information on how to create a PSLang script or modify a sample script.

Some sample scripts are provided in the samples directory. If you cannot find the sample file, try re-running setup to modify your installation. Sample files are automatically installed with complete (typical) installations. You can select them in custom installations.

Any sample script should be modified to fit your environment and prevent security exploits. The following Telnet target scripts are available in the samples directory:

  • agttelnet.psl for Telnet targets that users access with a terminal emulator

  • agttelnet-racf.psl for z/OS targets that users access with a terminal emulator

Targeting an application

For each system or application that Bravura Security Fabric will target using agttelnet, add a target (Manage the system > Resources > Target systems):

  • Type is Telnet target system.

  • Address uses options described in the table below.

  • Enter the account ID and password of the target system administrator you configured in Configuring a target system administrator. If the target system does not require administrative credentials, set the Administrator ID and Password to a non-empty value.

    Table 1. Telnet target address configuration

    Option

    Description

    Options marked with an asterisk (*) are required.

    Script file *

    Must be set to the name of the file described in Writing a script.

    (key: script)

    Server *

    The IP address/domain name of the server.

    (key: server)

    Advanced

    Port

    TCP port number. Typical TCP port numbers are:

    23 - Telnet (default)

    80 - HTTP

    443 - HTTPS

    (key: port)

    Connection over SSL

    Select to enforce SSL connections.

    (key: ssl)

    Validate the server’s certificate when connecting

    Determine whether to validate the server’s security certificate for SSL connections. Default is true.

    (key: checkCert)

    Terminal type

    Select ANSI/VT100, IBM3270, or IBM5250.

    (key: terminal)

    Telnet special write option

    Select Absolute, Relative, MatchRelative, or Unformatted.

    (key: writeoption)

    Directory containing PEM-formatted CA certificate files

    Specify the directory to look for certificate files.

    (key: CApath)

    PEM-formatted CA certificate file

    Specify absolute path to certificate file.

    (key: CAfile)

    Other settings

    Enter additional data to be passed into the script, in KVGroup format; for example {other=data;}.

    Timeout for connection

    Amount of time in seconds the connector will wait for a response. Default is 300 seconds.

    (key: timeout)



The address is entered in the syntax:

<script>[/{server=<name|IP>;port=<N>;SSL=true|false;terminal=<ANSI/VT100|IBM3270|IBM5250>;timeout=<N>;writeoption=<option>;CApath=<directory>;CAfile=<filepath>;checkCert=<true|false>;}]
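
The address syntax above, checked by a small Python linter (an added example, not Bravura Security code). It flags the settings that weaken the connection, SSL off and checkCert=false, along with unknown keys and a relative CAfile. Assumptions: keys are matched case-insensitively, SSL is off when the key is omitted, and the sample host names and paths are constructed.

```python
import ntpath
import re

# Keys from Table 1, lowercased; matching them case-insensitively is an assumption.
KNOWN_KEYS = set("server port ssl checkcert terminal timeout writeoption capath cafile".split())

def parse_address(address):
    """Split '<script>[/{key=value;...;}]' into (script, options dict)."""
    m = re.fullmatch(r"([^/{}]+)(?:/\{(.*)\})?", address.strip())
    if not m:
        raise ValueError("address does not match <script>[/{key=value;...;}]")
    opts = {}
    for pair in filter(None, (p.strip() for p in (m.group(2) or "").split(";"))):
        key, sep, value = pair.partition("=")
        if not sep:
            raise ValueError(f"option without '=': {pair!r}")
        opts[key.strip().lower()] = value.strip()
    return m.group(1), opts

def audit_address(address):
    """Return a list of findings for one Telnet target address."""
    _, opts = parse_address(address)
    findings = [f"unknown key '{k}'" for k in sorted(opts) if k not in KNOWN_KEYS]
    if not opts.get("server"):
        findings.append("server is required")
    port = opts.get("port", "23")  # 23 is the documented default
    if not (port.isdecimal() and 0 < int(port) < 65536):
        findings.append(f"port '{port}' is not a valid TCP port")
    # Assumption: SSL is off when the key is absent. checkCert defaults to true.
    ssl = opts.get("ssl", "false").lower() == "true"
    check_cert = opts.get("checkcert", "true").lower() == "true"
    if not ssl:
        findings.append(f"no SSL on port {port}: the session is unencrypted")
    elif not check_cert:
        findings.append("checkCert=false: server certificate is not validated")
    if "cafile" in opts and not ntpath.isabs(opts["cafile"]):
        findings.append("CAfile must be an absolute path")
    return findings

# Constructed sample addresses; host names and paths are placeholders.
SAMPLES = [
    r"agttelnet.psl/{server=app01.example.test;port=443;SSL=true;checkCert=false;}",
    r"agttelnet.psl/{server=app01.example.test;port=443;SSL=true;CAfile=C:\pki\ca.pem;}",
    r"agttelnet-racf.psl/{server=zos.example.test;terminal=IBM3270;}",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", audit_address(sample) or "ok")
```

A misspelled key such as checkCerts is reported as unknown rather than silently ignored, which is the case most likely to leave validation in a state the administrator did not intend.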

Note

You can extend the address wizard by adding address line elements using the addressattrs function, as explained in PSLang Scripts for agtdos, agttelnet, and agtssh. This is useful when creating a scripted target system with a scripted platform definition file.

Creating a template account

Consult the documentation included with your specific application to learn how to create an account to use as a template in Bravura Identity. You can then add account attributes to determine how new accounts should be created based on the template account’s parameters.

Bravura Security Fabric still requires a template account, even though attributes may or may not be copied from the template account, for example, if the configured action for all account attributes is Set.

Creating account attributes

The attributes that define accounts are unique to specific applications; you must therefore create your own set of account attributes. You can view the complete list of attributes that Bravura Security Fabric can manage, including native and pseudo-attributes, using the account attributes menu in the Manage the system (PSA) module. See Account attributes for more information.

Managing groups

If group management functions are supported by your application, you can configure Bravura Security Fabric’s workflow engine to manage group membership on your targets. You can also map profile attributes to group attributes on the target so that users can select groups when making a request; however, this method is currently incompatible with group management through Bravura Security Fabric’s workflow configuration. Changes made in one method are not updated in the other.

For more information about account attributes and managed groups, see Groups.

NTLM authentication

The agttelnet agent supports connecting to targets that use NTLM authentication. To do so you must use the following syntax for httpOpen():

$useAuth = 1;
$userid = "[MACHINE/DOMAIN NAME]\\userid";
$password = "password";
$err = httpOpen( $handle, $host, $port, $useSSL, $useAuth, $userid, $password );

Note that you must use a double backslash "\\" to join [MACHINE/DOMAIN NAME] and userid, because PSLang interprets escape sequences in strings by default.