Provblems logging into HP Application Lifecycle Management 11.52.634

Hi @OLLI_S,

Try saving it manually to see if it helps:

1. Type in your username and password on the ALM site but do not submit the form yet
2. Click on the 1Password button in your browser's toolbar and go to Settings > Save New Login

Try again, see if it works. If not, is this a public-accessible site that we can look at, so we can see how it works?

If it is not using the standard HTML fields, then 1Password won't work on it, it can only fill the standard HTML forms, not Java applet or ActiveX like that.

Hi @OLLI_S,

When you're on ALM site's login page, what do you see when you right-click onto the login form, the standard menu? Flash, Java or other technologies tend to have a different contextual menu and may show the version information as well.

Can you try to open it in a different browser to see what error it shows, they may say no Flash player or Java is supported on the page.

@OLLI_S: I hope you don't mind, but I've moved this to the browser filling category in case there's something we can do on the extension side to improve this. Without knowing the URL so I can test it myself, it's hard to say if that is possible.

Regardless, I wonder if the Auto-Type feature in 1Password for Windows version 4 may help you here:

Creating an application login

In many cases, using Auto-Type will work where 1Password is unable to integrate at all or cannot access text fields (for example, Flash, ActiveX, Java). Let me know if that helps! :)

I use the application login for Steam, so why did it not come in my mind to use it for ALM too.

@OLLI_S: Ah, likewise! I'll be honest, I forget about Auto-Type sometimes too, because I just use the keyboard shortcut without thinking. Once it's setup, it's pretty transparent. Most of the time.

When I press the login hotkey Ctrl+# then the following error message (balloon at the system tray icon) is shown:

1Password could not fill any fields on https://qc.MyCompany.de.awin/qcbin/start_a.jsp

Note: here I replaced the name of my company with the text "MyCompany".

Without being able to see it I can't say for certain, but it sounds like you're running into this issue because Internet Explorer does not allow add-ons to access iframe, and for some bizarre reason some websites put the login form on a different page and load it in a frame. This is also the case with Mobile Safari: iOS extensions cannot access iframe there either. Frankly, I think this is a good thing since the user has no way of knowing which website is actually receiving their data if it's cloaked in a frame. And there isn't any way around this apart from the Auto-Type workaround you mentioned. I'm sorry I don't have a better answer for you.

@OLLI_S: It's certainly something worth considering, but you're right that it could pose a risk. For example, if you flag a login to ignore a Watchtower warning, and then you miss future warnings because of that. And certainly any time we add options we need to be careful. They add complexity and — potentially — confusion. Sometimes this is "harmless", but when security is involved, someone misunderstanding what it does could leave themselves vulnerable unwittingly. I'm not sure what the solution may be here, so it's good that we're having this discussion! :chuffed:

Indeed. It certainly sounds like you're a bit stuck there with that policy. :(

@OLLI_S: I'm a bit confused since we were previously discussing a website, not Windows processes. Are you referring to the 1Password 4 Auto-Type feature now? Depending on how it's enumerated, this isn't always possible, and there are limitations to what 1Password 4 can do given its age. But it's certainly something we'd like to improve as we develop future versions. :)

@OLLI_S: Ohhh! There's a database. Thanks for explaining that! I know a lot of apps use some really inscrutable window naming schemes, so I understand why that would be necessary for that to work. I see what you mean, and I appreciate you tying that together. That makes sense.

And for KeePass this is very unsafe, because I could have the domain www.hacking.com and in the title bar the text "Welcome to your online banking". This is one reason why I switched to 1Password.
But for HP Application Lifecycle Management the window title would work. This is the reason why I suggested this feature (only after you show a big warning that using the title bar text is very dangerous).

Absolutely! It's convenient, and less of a risk with local apps, but it's trivial for any site to change their title to match another. We can consider something like this for 1Password, but you're correct that given the security risks it would need to be weighed carefully and include appropriate warnings if we go that route. Perhaps we'll be able to come up with an even better solution, both from a user perspective and for security in general. :)

When I wrote "database" I ment the KeePass vault file. KeePass calls it "database", you call it "vault".

@OLLI_S: Doh! You're right, I totally misunderstood that bit. Thanks for setting me straight!

Why not a button that performs {USERNAME}{TAB}{PASSWORD}{ENTER} ?

That's essentially what the Auto-Type button in the top toolbar of the main 1Password app does, if you use it rather than setting up a login to work with the keyboard shortcut. It will ask you to choose the window, and then perform that same sequence.

Here it would be very useful when I can adjust the Autotype Sequence (so {PASSWORD}{ENTER} would also be possible).

There are less cases where this is needed, but I agree that sometimes this would be useful. While 1Password doesn't explicitly support this, you can effectively get this functionality by creating a login item without a username, and then focus the password field before invoking Auto-Type. It's not as slick as the browser extensions, but given that general purpose apps don't offer that functionality it's a good alternative. I hope this helps! :)