GUI: Sign In

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

CodeSonar^® 9.2p0

CONFIDENTIAL

CodeSecure Inc

General

GUI Reference: Sign In

For more information about user authentication in CodeSonar, see Authentication and Access Control.

Navigating to
Page Contents
Sign In
Create Account
Forgot Password
Enter Emailed Code
Navigating from
Related Tasks

Important Note: the CodeSonar Web GUI makes extensive use of JavaScript. Make sure JavaScript is enabled in your web browser.

Navigating to the Page

The Sign In page can be reached in any of the following ways.

From any page:	Click the Sign In link in the GUI page header: If you are already logged in, the Sign in link will not be available. In its place will be an icon with your username: . To sign out, click this icon then click the Sign Out link that pops up.
By URL:	http://hub_location/sign_in.html
other cases:	If you try to perform an operation that is not permitted for the user account you are currently signed into (including the case where you are in an anonymous session and the operation is not permitted for special user Anonymous), CodeSonar will automatically navigate to the Sign In page and prompt you to sign in as a user with sufficient permissions.

Page Properties

Output formats

none

Visibility Filter Applied

none

RBAC Permissions Needed

Note that in most cases you will be visiting the Sign In page in an anonymous session, so the permissions applied will be those for special user Anonymous (rather than your own hub user account).

Page Contents/Functionality	G_ADMINISTER_USERS G_CHANGE_OWN_EMAIL G_CHANGE_OWN_PASSWORD G_CREATE_USER G_LICENSE_READ G_MANAGE_USERS G_RECOVER_OWN_PASSWORD G_SIGN_IN G_SIGN_IN_CERTIFICATE G_SIGN_IN_PASSWORD

Page Contents

The following annotated screen shot shows the various parts of the Sign In page.

annotated screenshot: create account page

Standard Header	See GUI Reference: Standard Header.
Breadcrumbs	The Sign In page does not have a breadcrumb trail.
Page Heading	The Sign In page does not have a heading.
Page Tabs	The Sign In page is divided into "tabs" that group related content. Use these links to move between the tabs. The available tabs are sign in (the default), enter emailed code (not always available), and create account. If HTTPS is enabled and the hub permits certificate-based user authentication, there will be a tab for signing in with a certificate. If you have installed one or more Single Sign-On (SSO SAML) or OpenID authentication services, there will be an additional tab for each such service. The tab link text for each service will be sign in with authname where authname is the service Name. The standard Sign In tab will have link text sign in with password (rather than sign in). The authentication option tabs are ordered by service Priority, lowest value to highest. The tab with lowest Priority value is displayed by default. The sign in with password tab is ordered as if it has Priority 10. Note that if certificate-based authentication is configured, the sign in with certificate tab will always appear next to the sign in with password tab. Click the tab to authenticate with the corresponding service.
Tab Contents	The contents of this pane depend on the selected tab - sign in (the default), forgot password, enter emailed code, or create account - as described below.
Standard Footer	See GUI Reference: Standard Footer.

Sign In with Password Tab

For signing in when you already have a hub user account.

Functionality for signing in with a username and password is always available.

screenshot fragment: Sign In tab

Authenticate with Password	Username	The username for the account. Note that usernames are case sensitive (this is so that international character sets can be accommodated).
	Password	The password associated with Username. This can be a hub user account password, or the password from a third-party authentication service that is configured for the hub.
	forgot password?	Click if you have forgotten your account password. CodeSonar will open the Forgot Password tab.
	Sign In button	Sign in with the username and password provided.

Sign in with username and password

Signing into a user account with a username and password is only possible for accounts that have G_SIGN_IN and G_SIGN_IN_PASSWORD permissions.

To sign in:

Enter your username in the Username field.
Enter your password in the Password field. This can be:
- the hub user account password for Username (if there is one), or
- the password associated with Username in one of the third party authentication mechanisms configured for the hub.
Click Sign In.

If all goes well:	You will be signed in under the specified account. If there is not currently an email address associated with the account and the account has G_CHANGE_OWN_EMAIL permission, you will be prompted to specify an email address. If you were asked to sign in to perform some operation (including navigation) in the web GUI, that operation will now proceed. Otherwise, you will be navigated to a screen with the contents You are signed in as username. Sign Out. Click Sign Out to sign out, use your browser's Back functionality to go back to an earlier page, or select Home from the page header to go to the Home page.
Otherwise:	If there is a problem with any of the information provided (see the requirements above for details), CodeSonar will print a warning message. At this point, the options are as follows. Troubleshoot: you may need to ask a local system administrator, or the hub administrator, for assistance. Do you have a hub user account? You may need to create one. Does the account have both G_SIGN_IN and G_SIGN_IN_PASSWORD permissions? Is the account username exactly as expected (including case)? Have you forgotten the password? You may need to reset it, or ask a hub administrator to reset it from the Account Editor. Try again: use the information in the warning message to correct the problematic field or fields, then click Sign In. Sign in with a certificate instead of with a username and password. Abandon sign-in entirely: use your browser's Back functionality to go back to an earlier page, or select Home from the page header to go to the Home page.

If all goes well:

You will be signed in under the specified account.

If there is not currently an email address associated with the account and the account has G_CHANGE_OWN_EMAIL permission, you will be prompted to specify an email address.
If you were asked to sign in to perform some operation (including navigation) in the web GUI, that operation will now proceed.
Otherwise, you will be navigated to a screen with the contents
You are signed in as username. Sign Out.
Click Sign Out to sign out, use your browser's Back functionality to go back to an earlier page, or select Home from the page header to go to the Home page.

Otherwise:

If there is a problem with any of the information provided (see the requirements above for details), CodeSonar will print a warning message. At this point, the options are as follows.

Troubleshoot: you may need to ask a local system administrator, or the hub administrator, for assistance.
- Do you have a hub user account? You may need to create one.
- Does the account have both G_SIGN_IN and G_SIGN_IN_PASSWORD permissions?
- Is the account username exactly as expected (including case)?
- Have you forgotten the password? You may need to reset it, or ask a hub administrator to reset it from the Account Editor.
Try again: use the information in the warning message to correct the problematic field or fields, then click Sign In.
Sign in with a certificate instead of with a username and password.
Abandon sign-in entirely: use your browser's Back functionality to go back to an earlier page, or select Home from the page header to go to the Home page.

Sign in with Certificate Tab

Signing into a user account with a TLS certificate is only possible for accounts that have :

G_SIGN_IN and G_SIGN_IN_CERTIFICATE permissions, and
at least one associated user certificate.

Additionally:

your browser must have access to a local copy of the user certificate you wish to present, along with the corresponding private key, and
the hub must have HTTPS enabled and be configured to permit certificate-based user authentication to see this tab.

screenshot fragment: Sign In tab

To sign in:

Click Choose Certificate (under Authenticate with Certificate).
The browser will prompt you to select a certificate (unless your browser remembers which certificate you have used with the hub in the past; restarting the browser may cause it to forget ).
Select the user certificate you wish to use, and confirm as prompted by your browser.

If all goes well:	You will be signed in under the specified account. If there is not currently an email address associated with the account and the account has G_CHANGE_OWN_EMAIL permission, you will be prompted to specify an email address. If you were asked to sign in to perform some operation (including navigation) in the web GUI, that operation will now proceed. Otherwise, you will be navigated to a screen with the contents You are signed in as username. Sign Out. Click Sign Out to sign out, use your browser's Back functionality to go back to an earlier page, or select Home from the page header to go to the Home page.
Otherwise:	If there is a problem with certificate communication, your browser will print an error message. At this point, the options are as follows. Troubleshoot: you may need to ask a local system administrator, or the hub administrator, for assistance. If the error message does not provide enough information, the following questions may be useful. Do you have a hub user account? You may need to create one. Does the account have both G_SIGN_IN and G_SIGN_IN_CERTIFICATE permissions? Does the account have at least one certificate in its user certificates set? You may need to configure one, or ask a hub administrator to configure one for you. Does your browser have a local copy of at least one of those certificates, along with the corresponding private key? You may need to consult your browser's certificate management documentation. Is HTTPS enabled on the hub, and is it configured to allow certificate-based user authentication? Sign in with a username and password instead of with a certificate. Abandon sign-in entirely: use your browser's Back functionality to go back to an earlier page, or select Home from the page header to go to the Home page.

If all goes well:

You will be signed in under the specified account.

If there is not currently an email address associated with the account and the account has G_CHANGE_OWN_EMAIL permission, you will be prompted to specify an email address.
If you were asked to sign in to perform some operation (including navigation) in the web GUI, that operation will now proceed.
Otherwise, you will be navigated to a screen with the contents
You are signed in as username. Sign Out.
Click Sign Out to sign out, use your browser's Back functionality to go back to an earlier page, or select Home from the page header to go to the Home page.

Otherwise:

If there is a problem with certificate communication, your browser will print an error message. At this point, the options are as follows.

Troubleshoot: you may need to ask a local system administrator, or the hub administrator, for assistance. If the error message does not provide enough information, the following questions may be useful.
- Do you have a hub user account? You may need to create one.
- Does the account have both G_SIGN_IN and G_SIGN_IN_CERTIFICATE permissions?
- Does the account have at least one certificate in its user certificates set? You may need to configure one, or ask a hub administrator to configure one for you.
- Does your browser have a local copy of at least one of those certificates, along with the corresponding private key? You may need to consult your browser's certificate management documentation.
- Is HTTPS enabled on the hub, and is it configured to allow certificate-based user authentication?
Sign in with a username and password instead of with a certificate.
Abandon sign-in entirely: use your browser's Back functionality to go back to an earlier page, or select Home from the page header to go to the Home page.

Create Account Tab

For creating a new hub user account.
You will only be able to access this tab if special user Anonymous has G_CREATE_USER permission.

screenshot fragment: Create Account tab

Username	The username for the new account. Must have at least one (1) character, and must not be associated with an existing hub user account. They are case sensitive (this is so that international character sets can be accommodated).
Email	The email address to be associated with the account.
Password	A password for the new account. Under default hub settings, the following minimum password requirements apply. Minimum length: 12 characters Minimum number of character classes (e.g. 'upper case', 'lower case', 'digit'): 3 If the hub password policy has been modified, a different set of constraints may apply.
Verify Password	A field for re-entering the password. Must match the password entered in the Password field.
Enabled	Select to assign the special Enabled role to the new user account, (in addition to assigning all roles held by the default template user).
Create account button	Create a new account with the information provided, where other properties are copied from the current default template user.

The Create Account tab is very similar to the separate Create Account page, but differs in the following ways.

It is only available to anonymous sessions, and only if user Anonymous has G_CREATE_USER permission.
It does not provides the option to select a template user, because Anonymous is always treated as if it does not have G_ADMINISTER_USERS permission. The default template user is always used.
If the new user account has G_SIGN_IN and G_SIGN_IN_PASSWORD permissions, you will be signed into it once it is created.

Creating a New Account

To create a new account:

Enter the username for the new user into the Username field.
Enter the user's contact email address in the Email Address field.
Enter the initial password for the new user into the Password field.
Enter the initial password into the Verify Password field.
Select Enabled if you want to assign the Enabled role to the new account, otherwise deselect it.
Being assigned the Enabled role is sufficient to guarantee that the new user account will have G_SIGN_IN permission, but note the following.
- The user will also need at least one of at least one of G_SIGN_IN_CERTIFICATE, G_SIGN_IN_PASSWORD in order to sign in. If the roles copied from the default template user do not provide at least one of these permissions, the new user will not be able to sign in.
- If an administrator has added further role-permissions to the Enabled role, those will also apply.
Click Create account.

If all goes well:	The new account will be created. If the new account has G_SIGN_IN and G_SIGN_IN_PASSWORD permissions (this will depend on the permissions assigned to the default template user's roles, and on whether or not you selected Enabled), you will be signed in under that account. If you created this account because you were asked to sign in to perform some operation (including navigation) in the web GUI, that operation will now proceed. Otherwise, you will be navigated to a screen with the contents You are signed in as username. Sign Out. Click Sign Out to sign out, use your browser's Back functionality to go back to an earlier page, or select Home from the page header to go to the Home page. If the new account does not have G_SIGN_IN and G_SIGN_IN_PASSWORD permissions CodeSonar will print a warning message explaining that the new user cannot sign in.
Otherwise:	If there is a problem with any of the information provided (see the requirements above for details), CodeSonar will print a warning message instead of creating the new account. At this point, the options are: Try again: use the information in the warning message to correct the problematic field or fields, then click Create account. Abandon account creation: use your browser's Back functionality to go back to an earlier page, or select Home from the page header to go to the Home page.

If all goes well:

The new account will be created.

If the new account has G_SIGN_IN and G_SIGN_IN_PASSWORD permissions (this will depend on the permissions assigned to the default template user's roles, and on whether or not you selected Enabled), you will be signed in under that account.

If you created this account because you were asked to sign in to perform some operation (including navigation) in the web GUI, that operation will now proceed.
Otherwise, you will be navigated to a screen with the contents
You are signed in as username. Sign Out.
Click Sign Out to sign out, use your browser's Back functionality to go back to an earlier page, or select Home from the page header to go to the Home page.

If the new account does not have G_SIGN_IN and G_SIGN_IN_PASSWORD permissions CodeSonar will print a warning message explaining that the new user cannot sign in.

Otherwise:

If there is a problem with any of the information provided (see the requirements above for details), CodeSonar will print a warning message instead of creating the new account. At this point, the options are:

Try again: use the information in the warning message to correct the problematic field or fields, then click Create account.
Abandon account creation: use your browser's Back functionality to go back to an earlier page, or select Home from the page header to go to the Home page.

Forgot Password Tab

For requesting a forgotten password code.

screenshot fragment: Create Account tab

Username	The username associated with the account.
Send Email button	Email a forgotten password code to the specified user, provided that they have G_RECOVER_OWN_PASSWORD permission.

Obtaining a forgotten password code

To request a code for resetting your password:

Enter the username associated with the account in the Username field on the Forgot Password tab.

Click Send Email.

If all goes well:	The forgotten password code will be emailed, and CodeSonar will display the Enter Emailed Code tab.
Otherwise:	CodeSonar will not email a forgotten password code if: the entered username that is not associated with a hub user account, or the username is associated with an account that does not have G_RECOVER_OWN_PASSWORD permission, or no SMTP server has been specified for the hub. For security reasons, CodeSonar will not notify that it is not emailing a code, nor specify the reason. If you do not receive an emailed code within a reasonable timeframe, consult your hub administrator for assistance. The administrator may need to do one or both of the following. Specify an SMTP server on the SMTP tab of the Settings page. Reset your password from the Account Editor.

If all goes well:

The forgotten password code will be emailed, and CodeSonar will display the Enter Emailed Code tab.

Otherwise:

CodeSonar will not email a forgotten password code if:

the entered username that is not associated with a hub user account, or
the username is associated with an account that does not have G_RECOVER_OWN_PASSWORD permission, or
no SMTP server has been specified for the hub.

For security reasons, CodeSonar will not notify that it is not emailing a code, nor specify the reason. If you do not receive an emailed code within a reasonable timeframe, consult your hub administrator for assistance. The administrator may need to do one or both of the following.

Specify an SMTP server on the SMTP tab of the Settings page.
Reset your password from the Account Editor.

To use the code, see Resetting a Password, below.

Enter Emailed Code Tab

For resetting a forgotten password once you have obtained a forgotten password code.

screenshot fragment: Create Account tab

Emailed Code	The forgotten password code received in email from CodeSonar.
New Password	A new password for the account. Under default hub settings, the following minimum password requirements apply. Minimum length: 12 characters Minimum number of character classes (e.g. 'upper case', 'lower case', 'digit'): 3 If the hub password policy has been modified, a different set of constraints may apply.
Verify New Password	A field for re-entering the password. Must match the password entered in the New Password field.
Sign In button	Change the account password and sign in.

Resetting a Password

You will require G_RECOVER_OWN_PASSWORD permission to obtain a code, and G_CHANGE_OWN_PASSWORD permission to reset your password.

To reset a forgotten account password:

If you haven't already requested a forgotten password code, do it now.
Wait until email from CodeSonar arrives at the email address associated with the account, then open the email to retrieve the enclosed forgotten password code.
Enter the forgotten password code in the Emailed Code field.
Enter a new password for the account in the New Password field, then enter it again in the Verify New Password field.

Click Sign In.

If all goes well:	The account password will be changed, and you will be signed in under that account. If you created the account because you were asked to sign in to perform some operation (including navigation) in the web GUI, that operation will now proceed. Otherwise, you will be navigated to a screen with the contents You are signed in as username. Sign Out. Click Sign Out to sign out, use your browser's Back functionality to go back to an earlier page, or select Home from the page header to go to the Home page.
Otherwise:	If there is a problem with any of the information provided, CodeSonar will print a warning message instead of resetting the account password. At this point, the options are: Try again: use the information in the warning message to correct the problematic field or fields, then click Sign In. Abandon password resetting: use your browser's Back functionality to go back to an earlier page, or select Home from the page header to go to the Home page.

If all goes well:

The account password will be changed, and you will be signed in under that account.

If you created the account because you were asked to sign in to perform some operation (including navigation) in the web GUI, that operation will now proceed.
Otherwise, you will be navigated to a screen with the contents
You are signed in as username. Sign Out.
Click Sign Out to sign out, use your browser's Back functionality to go back to an earlier page, or select Home from the page header to go to the Home page.

Otherwise:

If there is a problem with any of the information provided, CodeSonar will print a warning message instead of resetting the account password. At this point, the options are:

Try again: use the information in the warning message to correct the problematic field or fields, then click Sign In.
Abandon password resetting: use your browser's Back functionality to go back to an earlier page, or select Home from the page header to go to the Home page.

Navigating from the Page

sign in and go back to previous page (if any)	see Sign with username and password and Sign in with certificate, above
create a new account, sign in under that account, and go back to previous page (if any)	see Creating a New Account above
reset a forgotten account password, sign in under that account, and go back to previous page (if any)	see Obtaining a forgotten password code and Resetting a Password, above

Related Tasks

Add a new user account

To report problems with this documentation, please visit https://support.codesecure.com/.