IBM Support

Google Chrome single sign-on extension

Flashes (Alerts)


Abstract

This document identifies the supported versions of Google Chrome and provides the procedure for installing the AccessAgent single sign-on extension for Google Chrome.

Content

Applies to: IBM Security Access Manager for Enterprise Single Sign-On

You must install the extension so that you can single sign-on to web applications through Google Chrome.


 

Prerequisites

Note: An Internet connection is required for Google Chrome to download the web extension from the Google Chrome Web Store.

Download package

Extension Release date Size Download
Google Chrome extension 8.2.2.0621 30 October 2023 1.53 MB

 

What's new

30 October 2023: Version 8.2.2.0621
Resolved the following defects:
  • The security vulnerability related to jquery.js is addressed by upgrading the library to the latest recommended version, and the manifest version is upgraded from V2 to V3.
11 January 2022: Version 8.2.2.0532
Resolved the following defects:
  • APAR IJ36262, IJ36263: Broker exits after a while due to network error between web extension and broker.
     
30 June 2021: Version 8.2.2.0514
Resolved the following defects:
  • APAR IJ33253: SSO does not work if password contains special characters other than ASCII.
  • APAR IJ30830: Garbled characters displayed when profile is created on webpage having characters other than ASCII.
28 August 2020: Version 8.2.2.0462
Resolved the following defects:
  • APAR IJ26869: Cannot drag and drop file on shared point if IBM Security Access Manager for Enterprise Single Sign-On Chrome extension installed.
30 June 2020: Version 8.2.2.0460
Resolved the following defects:
  • APAR IJ5121: Unnecessary credential capture pop-up in case of 'bearer' authentication scheme.
  • Code signing of installer and uninstaller executables.
27 March 2020: Version 8.2.2.0457
Single sign-on support is enhanced for Angular web applications.
 
29 March 2019: Version 8.2.2.0404
  • Web signature generation functionality is now supported with the Google Chrome web browser for creating AccessProfiles.

31 July 2018: Version 8.2.2.0160

  • Installation and uninstallation issue when AccessAgent is not installed in the default installation directory.


20 April 2018: Version 8.2.2.0158

  • None.

 

Installing the extension

Part 1: Setting up the extension in Google Chrome

  1. Close any running instances of Google Chrome.
  2. Run chrome-extension.installer.exe with administrator privileges.
  3. Start Google Chrome.
    Note: Google Chrome will automatically download the extension from the Google Chrome Web Store.
  4. At the top right, click More > More tools > Extensions.
    Ensure that ISAM ESSO is enabled.


Part 2: Update the AutoLearn AccessProfile

  1. On the IMS Server, back up the earlier version of the AutoLearn AccessProfile, sso_site_web_auto_learn, and then delete the earlier version from your server.
  2. Upload the updated AccessProfile, sso_site_web_auto_learn, to the IMS Server.
    For more information, see Uploading information.
  3. Synchronize the AccessAgent with the IMS Server.


Note: Basic Authentication support for Google Chrome does not require any AccessProfiles. The web extension provides bundled support for Basic Authentication.

 

Uninstalling the extension

  1. Close any running instances of Google Chrome.
  2. Run chrome-extension.uninstaller.exe with administrator privileges.
  3. Start Google Chrome.
  4. On the toolbar, click More.
  5. Click More tools > Extensions.
  6. Verify that the extension is no longer displayed.

Known issues and limitations

  • The Browser starts navigating form page trigger fires when a Web form on the page is submitted.
  • The AccessStudio Web Finder tool is not supported on Google Chrome. To generate the signature, use the Internet Explorer web browser.

  • The following web triggers are not supported:
    • Browser closed
  • The following web actions are not supported:
    • Register for SCR with the IMS Server
    • Perform SCR with the IMS Server
  • The following Run Script APIs are not supported:
    • runtime.GetBrowserObjectFromHTMLDocument
    • runtime.GetBrowserTopLevelWindow
    • runtime.GetHTMLDocument
    • runtime.GetHTMLElementsFromXPath
    • runtime.GetWebAgentController
    • windowcontroller.GetHTMLDocumentFromWindow
  • For the Basic Authentication, the ISAM ESSO Capture Credential prompt might appear in the background.
  • In certain scenarios, highlighting of HTML button elements from the generated XPath signature might not work, although the AccessProfile with the generated XPath will work.
  • Press the space bar if the Window Signature is Invalid popup displays behind the Highlight Control notification window.

 

Creating AccessProfiles for Google Chrome

To create AccessProfiles for Google Chrome, install the AccessStudio.
 

 

Troubleshoot AccessProfiles

In general, AccessProfiles for web applications that you create for Internet Explorer will also work with Google Chrome.

If an AccessProfile that you create works in Internet Explorer but not in Google Chrome, use the following troubleshooting steps.

   

Increase the log level for AccessAgent
In the registry editor, browse to HKEY_LOCAL_MACHINE > SOFTWARE > IBM > ISAM ESSO > ECSS > DeploymentOptions.

  • Increase the value for LogLevel to 4.
  • Increase LogFileSize to more than 10240 (decimal value).

   

Collect logs from the Google Chrome browser

  1. Open the Google Chrome browser.
  2. Press F12 to open Developer Tools.
  3. Recreate the problem.
  4. In the Console tab, select all the content, and copy it to a file named ChromeBrowserConsole.log.
  5. Copy this file to <aa_install_folder>\logs.


If the issue is related to identifying a web element, see Reviewing the signature from the Google Chrome browser.

Note: If you are requested by IBM Support, package the logs folder into a file and send the compressed file to IBM Support.

   

Reviewing the signature from the Google Chrome browser

Before you review the signature, ensure that you have exported the browser console logs to ChromeBrowserConsole.log. See Collect logs from the Google Chrome browser.


For a single sign-on AccessProfile to work successfully, you must find the correct web element signature. The following line is an example of a typical signature:

/child::html/descendent::form/descendent::input[@tag_name="input" and @type="password"]

In ChromeBrowserConsole.log, the following line indicates that the signature is not found. This line appears in the logs that you collect from the browser console.


WebFinder Result: Parse error; xpath = "/child::html/descendent::form/descendent::input[@tag_name=\"input\" and @type=\"password\"]"

To diagnose this problem, follow the steps below:


1. Look for the following line. In this line, the parser starts to look for the signature. 

---- PROCESS QUERY STARTS: xpath = /child::html/descendent::form/descendent::input[@tag_name="input" and @type="password"] ---- 

2. For each step of the XPath, you can see a corresponding set of properties. For example, for the /descendent::form step:

     ---- PARSER INTERNAL STARTS: After getDescendantFormNode ----
        _vecCurrentElements = Array (
            [0] => { tag: FORM, id: tsf, name: f }
        )
        _State = 0
        _currentOperator = 0
        _currentPredOperator = 0
        _mmCurrentClause = { op: 0, vecNVPairs = Array ( ) }
        _mmCurrentPredicate = Array ( )
        _wsCurrentExprName = 
        _wsCurrentExprValue = 
        _wsAttributeName = 
        _wsAttributeExpr = 
        _wsPostEvalExprValue = 
        _vecAttributes = Array ( )
    ---- PARSER INTERNAL ENDS ----

  • Note the action getDescendantFormNode. This is the action that was just performed, and it shows which step of the parsing is being run.
  • _vecCurrentElements is the current set of matches found after running the action. The result of getDescendantFormNode is a FORM with the NAME f and ID tsf.


3. For predicates or conditions, such as [@tag_name="input" and @type="password"], look for reducePredicate: @tag_name="input" and @type="password" .


  reducePredicate: @tag_name="input" and @type="password"
    ---- PARSER INTERNAL STARTS: After reducePredicate ----
        _vecCurrentElements = Array ( )
        _State = 4
        _currentOperator = 1
        _currentPredOperator = 0
        _mmCurrentClause = { op: 0, vecNVPairs = Array ( ) }
        _mmCurrentPredicate = Array ( )
        _wsCurrentExprName = type
        _wsCurrentExprValue = password
        _wsAttributeName = 
        _wsAttributeExpr = 
        _wsPostEvalExprValue = 
        _vecAttributes = Array ( )
    ---- PARSER INTERNAL ENDS ----

   

  • Note that _vecCurrentElements at this point is empty. This implies that no element is found to match this condition.
  • Review the previous lines on the logs to identify precisely where _vecCurrentElements is set to an empty value. From this information, you can identify the first action that resulted in a no-match.
  • Check the information provided for the HTML elements that matched the previous action or clause to identify what is missing. For instance, the last log entry with some matches was in getDescendantInputNode.

     ---- PARSER INTERNAL STARTS: After getDescendantInputNode ----
        _vecCurrentElements = Array (
            [0] => { tag: FORM, id: tsf, name: f }
            [1] => { tag: INPUT, name: sclient, type: hidden }
            [2] => { tag: INPUT, name: site, type: hidden }
            [3] => { tag: INPUT, name: source, type: hidden }
            [4] => { tag: INPUT, id: lst-ib, class: gsfi, name: q, type: text }
            [5] => { tag: INPUT, id: gs_taif0, class: gsfi }
            [6] => { tag: BUTTON, class: lsb, name: btnG, type: submit }
            [7] => { tag: INPUT, name: oq, type: hidden }
            [8] => { tag: INPUT, name: gs_l, type: hidden }
            [9] => { tag: INPUT, name: pbx, type: hidden }
        )
        _State = 0
        _currentOperator = 0
        _currentPredOperator = 0
        _mmCurrentClause = { op: 0, vecNVPairs = Array ( ) }
        _mmCurrentPredicate = Array ( )
        _wsCurrentExprName = 
        _wsCurrentExprValue = 
        _wsAttributeName = 
        _wsAttributeExpr = 
        _wsPostEvalExprValue = 
        _vecAttributes = Array ( )
    ---- PARSER INTERNAL ENDS ----

  • Note that in the list of matched elements, none of the INPUT fields has the type password, which causes the condition to fail.

    You can use the approach described in this example as an alternative to opening the HTML source. Opening the HTML source can be misleading because of the quirks in the browser.

    Tip: Blocks for reduceExprName, setOperator, reduceExprValue and postEvalExprValue can usually be ignored.
  • If the generated web signature contains dynamic attributes, for example, dynamic ID, then the web signature can be evaluated by removing the dynamic attribute to make it work consistently.
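
The triage in steps 1 to 3 above, as an added example (not IBM's code): a Python script that scans ChromeBrowserConsole.log text for the first PARSER INTERNAL block whose _vecCurrentElements is empty and lists the values that the preceding match set actually had for the attribute under test. The sample log is constructed from the format shown on this page, and the function names are hypothetical.

```python
import re
# Constructed sample in the log format shown on this page (not a real capture).
SAMPLE_LOG = """\
---- PARSER INTERNAL STARTS: After getDescendantFormNode ----
    _vecCurrentElements = Array (
        [0] => { tag: FORM, id: tsf, name: f }
    )
    _State = 0
---- PARSER INTERNAL ENDS ----
---- PARSER INTERNAL STARTS: After getDescendantInputNode ----
    _vecCurrentElements = Array (
        [0] => { tag: FORM, id: tsf, name: f }
        [1] => { tag: INPUT, name: site, type: hidden }
        [2] => { tag: INPUT, id: lst-ib, class: gsfi, name: q, type: text }
    )
    _State = 0
---- PARSER INTERNAL ENDS ----
reducePredicate: @tag_name="input" and @type="password"
---- PARSER INTERNAL STARTS: After reducePredicate ----
    _vecCurrentElements = Array ( )
    _State = 4
    _wsCurrentExprName = type
    _wsCurrentExprValue = password
---- PARSER INTERNAL ENDS ----
"""

BLOCK = re.compile(r"PARSER INTERNAL STARTS: After (\w+) ----(.*?)PARSER INTERNAL ENDS", re.S)
ELEMENT = re.compile(r"\[\d+\] => \{ (.*?) \}")
PROP = re.compile(r"([\w-]+): ([^,]*)")
FIELD = re.compile(r"(_ws\w+) = (\S*)")

def parse_blocks(log):
    """Yield (action, matched elements, _ws* fields) per PARSER INTERNAL block."""
    for action, body in BLOCK.findall(log):
        # Only the text between _vecCurrentElements and _State lists the matches.
        vec = body.split("_vecCurrentElements", 1)[-1].split("_State", 1)[0]
        elements = [dict(PROP.findall(e)) for e in ELEMENT.findall(vec)]
        yield action, elements, dict(FIELD.findall(body))

def first_no_match(log):
    """Return the first action that emptied _vecCurrentElements, with context."""
    last_action, last_elements = None, []
    for action, elements, fields in parse_blocks(log):
        if not elements:
            attr = fields.get("_wsCurrentExprName")  # attribute the predicate tested
            seen = sorted({e[attr] for e in last_elements if attr in e})
            return {"failed_action": action, "last_match_action": last_action,
                    "wanted": (attr, fields.get("_wsCurrentExprValue")), "values_seen": seen}
        last_action, last_elements = action, elements
    return None  # every logged step still had matches
```

For the sample, the result names reducePredicate as the failing action and shows that the elements matched by getDescendantInputNode only offered the type values hidden and text, which is the same conclusion the manual review reaches.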

Check the properties of web elements for Google Chrome and other browsers


In some instances, web applications might use different properties for the same web element in Google Chrome and Internet Explorer.

In the section Reviewing the signature from the Google Chrome browser, if you discover that the signature is found in one browser but not the other, consider tweaking properties for the web elements for both Google Chrome and other browsers.

Examples of properties include name, id, type.

To inspect the web elements:

1. Launch the web application in both Internet Explorer and Google Chrome.

2. In the following browsers, press F12 to launch Developer tools and complete the following steps:

  • Internet Explorer: Under the DOM Explorer tab, click .
  • Google Chrome, Microsoft Edge Chromium-based, Microsoft Edge, Mozilla Firefox: In the Developer Tools pane toolbar, click .

3. Identify the web elements properties that are common between the web browsers and modify the signature in AccessStudio accordingly.

4. If a generated web signature contains dynamic attributes, for example, attribute values that change after each page load or that differ across browsers, then you must remove these dynamic attributes. Modify the web signatures by identifying common and static attributes that you can use across different browsers.

   

Revision history

Date Description
30 October 2023 Version 8.2.2.0621. Defect fixes. Manifest version upgraded from V2 to V3.
11 January 2022 Version 8.2.2.0532. Defect fixes.
30 June 2021 Version 8.2.2.0514. Defect fixes.
28 August 2020 Version 8.2.2.0462. Defect fixes.
30 June 2020 Version 8.2.2.0460. Defect fixes.
27 March 2020 Version 8.2.2.0457. Single sign-on support is enhanced for Angular web applications
29 March 2019 Version 8.2.2.0404: Added support for web signature capture with AccessStudio.
31 July 2018 Defect fixes.
20 April 2018 Initial.


Document Information

Modified date:
08 January 2024

UID

swg22015261