4.13.1 SnapAPP Interferes with Password Resets Fixed in XA 4.13.1

SnapAPP Interfered with Password Resets: Fixed in XA 4.13.1

Previous Issue

When a user tries to reset their password from the Password Reset Screen or Forgot Password screen, SnapAPP was preventing users from changing the stored password in the text box. This has been fixed in the 4.13.1 version.

Solution

We have made an improvement in SnapAPP to DisablePageSSO, a registry setting with which a user can specify URLs for a site or domain that shouldn't be treated with SnapAPP as default. Those pages would be excluded or disabled for SnapAPP for that particular site or domain. SnapAPP will no longer fetch and set credentials on those pages, and the user can perform the actions on those pages such as setting a new password.

Steps to Add DisablePageSSO setting in Registry Editor

1. Open the registry editor and open this path: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\eXactACCESS\SnapAPP Settings
2. Create a new key under SnapAPP Settings by right-clicking on it, and setting its name to DisablePageSSO.
3. Under DisablePageSSO, create a new key with the name of the domain of the relevant site. Ensure that you write the domain only without HTTP://, HTTP://, or www prefixes.
4. For the domain name key, add those URLs as a string value in the right panel as displayed below. URLs added here should not contain any dynamic parts such as query string values or parameters for username or ID.
   
5. SnapAPP will then check for the DisablePageSSO setting in the registry and will check for the domains. If the domain of the current URL exists in this list, then SnapAPP will check for the blocked URLs for that specific domain and will not fetch and set those credentials for that URL.
6. This process uses Wild Card Pattern Matching to match the current URL with the partial URLs specialized here.

Example

In this example, we have the domain cloud.tenable.com that we want to disable the SnapAPP extension for some pages or URLs. For example, the two URLs are Login Page URL and Forgot/Reset Password Page URL.

1. Login Page: https://cloud.tenable.com/tio/app.html#/login
2. Forgot/Reset Password Page: https://cloud.tenable.com/tio/app.html#/login/password-reset/e3894099254792fb831f4f354acd1354687335e8b1df0918
   Note: Note that this URL has a dynamic part after the /password-reset. This could represent a user ID, category info, or any GUID. Exclude this part when adding it DisablePageSSO setting in the registry.

Case 1: When the user enters the login page URL, it will not match the existing URL in the registry. So SnapAPP will work as usual.

Case 2: When the user enters the password reset page URL, it will match with the existing URL in the registry with the help of the Wild Card Pattern Matching process, as the registry URL is checked with an asterisk (*) included at the end. The user's URL will match with the existing one and SnapAPP will be disabled for that page and will not fetch and set credentials on or for that page.

Note: The DisablePageSSO setting is an advanced setting for SnapAPP. It should not already exist in the registry. If you want this feature, you would need to add this setting under SnapAPP settings in the registry.