Setting Up the Native Messaging Host
The Delinea Native Messaging Host provides a reliable method for storing settings, ensuring that deleting the browser cache does not affect them.
Without the Native Messaging Host, Web Password Filler runs normally, but the end user must supply the Secret Server URL and modify other settings as needed.
The Native Messaging Host contains one executable file and one configuration file. You install these files on your computer. Each time you launch your browser, the Native Messaging Host silently sends default configurations and settings to Web Password Filler.
You can prevent Web Password Filler from functioning on specific URLs by adding those URLs to an exclusion list. Web Password Filler does not access Secrets for URLs on the exclusion list, nor does it fill or auto-populate credentials or other information for those URLs.
To use an exclusion list with Web Password Filler, you must have the Native Messaging Host installed.
Downloading the Native Messaging Host
You can download the Native Messaging Host installer here.
Software Requirements
- .NET version 4.8 or later
- Delinea Web Password Filler version 3.10 or later
Supported Browsers
- Chrome
- Edge Chromium
- Firefox
You can find additional information regarding Native Messaging at:
- https://developer.chrome.com/extensions/nativeMessaging
- https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Native_messaging
Installing and Registering the Native Messaging Host
Installing and registering the Native Messaging Host streamlines management of Web Password Filler settings and ensures those settings remain intact even if the browser cache is cleared.
To install and register the Native Messaging Host:
- Copy the ThycoticMessagingHost.exe and settings.json files into an accessible directory, such as C:\Thycotic\Web Password Filler\.
- Open a command window and enter the following command to register the Native Messaging Host with your browsers (the quotation marks are required because the path contains spaces):
"C:\Thycotic\Web Password Filler\ThycoticMessagingHost.exe" --register
The Native Messaging Host cannot interact with Web Password Filler until you complete this registration.
During registration, the Native Messaging Host creates a folder for each browser (Chrome, Edge, Firefox, and Opera) that contains the native messaging host configuration required by each browser. The process also creates registry entries for each browser, either in the current user or local machine registry.
For example, you find HKEY_CURRENT_USER\Software\Google\Chrome\NativeMessagingHosts\com.thycotic.wpf.host with a default value that is the path to the “native messaging host configuration” file. If you register using the EnableForAllUsers = true option, you must run the registration as an administrator.
After you successfully register the Native Messaging Host, it automatically checks the configuration file for updates each time you launch your browser. You do not need to unregister or re-register when you change other settings in settings.json; the changes take effect the next time you launch your browser.
If you manually add the Web Password Filler extension to your browser instead of installing it from the browser store, the extension ID changes. In this case, update the extension ID in settings.json and run the --register command again before the extension can communicate with the Native Messaging Host.
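The registry value described above points at a manifest file, and for Chromium browsers that manifest lists which extension may talk to the host. The following added example (not Delinea's code) checks a Chromium-style manifest against the extension ID and executable you expect; it assumes the standard Chrome manifest fields `name`, `path` and `allowed_origins`, and the stale manifest and its extension ID are constructed.

```python
import json
import ntpath  # Windows path rules, usable on any OS

HOST_NAME = "com.thycotic.wpf.host"  # host name from the registry path above
CHROME_KEY = r"Software\Google\Chrome\NativeMessagingHosts\com.thycotic.wpf.host"


def norm(path):
    return ntpath.normcase(ntpath.normpath(path))


def check_manifest(manifest, manifest_dir, ext_id, expected_exe):
    """Return findings for a Chromium-style native messaging manifest."""
    findings = []
    if manifest.get("name") != HOST_NAME:
        findings.append(f"host name is {manifest.get('name')!r}")
    # A relative "path" is resolved against the manifest's own directory.
    exe = norm(ntpath.join(manifest_dir, str(manifest.get("path", ""))))
    if exe != norm(expected_exe):
        findings.append(f"path resolves to {exe}")
    wanted = f"chrome-extension://{ext_id}/"
    origins = manifest.get("allowed_origins", [])
    if wanted not in origins:
        findings.append("expected extension ID missing from allowed_origins")
    findings += [f"unexpected origin {o}" for o in origins if o != wanted]
    return findings


def read_registered_manifest():
    """Windows only: follow the HKCU default value to the manifest file."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, CHROME_KEY) as key:
        manifest_path = winreg.QueryValueEx(key, "")[0]
    with open(manifest_path, encoding="utf-8-sig") as fh:
        return json.load(fh), ntpath.dirname(manifest_path)


# Constructed sample: a manifest left behind after the extension was added
# manually under a different (made-up) ID and --register was not run again.
EXE = r"C:\Thycotic\Web Password Filler\ThycoticMessagingHost.exe"
STALE = {"name": HOST_NAME, "path": EXE, "type": "stdio",
         "allowed_origins": ["chrome-extension://aaaabbbbccccddddeeeeffffgggghhhh/"]}

if __name__ == "__main__":
    store_id = "mfpddejbpnbjkjoaicfedaljnfeollkh"  # chromeExtensionId on this page
    print(check_manifest(STALE, ntpath.dirname(EXE), store_id, EXE))
```

On a Windows machine, pass the two values returned by `read_registered_manifest()` as the first two arguments instead of the sample.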
Uninstalling the Native Messaging Host
The Native Messaging Host no longer communicates with your browser extension once you uninstall it, helping maintain system security and performance.
To uninstall the Native Messaging Host:
- Open a command window.
- Run the following command (the quotation marks are required because the path contains spaces):
"C:\Program Files\Thycotic\Web Password Filler\ThycoticMessagingHost.exe" --unregister
After you unregister, the Native Messaging Host no longer communicates with Web Password Filler.
Configuring Web Password Filler Settings
The Native Messaging Host manages Web Password Filler settings by modifying the settings.json file. Each time you launch your browser, the Native Messaging Host reads the default configurations and settings from the JSON file and silently sends them to Web Password Filler. WPF then updates the local storage with the new settings and configurations.
Establishing Default Settings and Browser-Specific Overrides
To customize how the Native Messaging Host manages settings for different browsers, edit the settings.json file. Modifying this file lets you set default options and create browser-specific overrides, ensuring each browser behaves according to your preferences.
To edit the settings.json file:
- Launch a text editor and open the settings.json file.
- At the beginning of the settings.json file, write one line for each browser, and in that line enter the browser's identification code.
- Label these initial lines as Browser IDs.
- Add the next set of lines to define the default settings for the Native Messaging Host and label these lines as Default Settings.
- Apply the default settings to all browsers in the settings.json file.
- Create a new section for each browser that requires settings different from the default.
- Label each new section as Default Overrides per Browser, then begin each override section with the browser's identification code.
- List the settings in the same order as the default settings.
- Enter a new value for each setting that differs from the default.
- Allow the browser-specific value to override the default value for that browser.
- Save your changes.
Below is an example of how to structure the settings.json file.
Formatting the settings.json File
The example settings.json file below sets the Secret Server base URL to https://<your-secretserver-domain>/SecretServer, where <your-secretserver-domain> should be replaced with your actual Secret Server domain name. It assigns the domain as 'local' and enables additional options for Web Password Filler.
We recommend validating the settings.json file prior to deployment to ensure that the JSON is formatted correctly. There are many free online tools for validating JSON files.
{
  "chromeExtensionId": "mfpddejbpnbjkjoaicfedaljnfeollkh",
  "edgeExtensionId": "kjldmpkefedgljefehmmfifbhnjngmbh",
  "operaExtensionId": "eemnnadjdifcpkcnpalolohpepihhbbo",
  "firefoxExtensionId": "dd1e31d5-3623-45cb-b1ad-64074d36b360@thycotic.com",
  "ConfigSSUrl": "https://SomeURL/SecretServer",
  "ConfigDomain": "local",
  "HideConfigPage": false,
  "HideSettingPage": false,
  "SettingUserSSLogin": true,
  "SettingPrompToSave": true,
  "SettingShowPopup": true,
  "SettingHideReadOnlyFolders": true,
  "SettingEnableAutoPopulate": true,
  "EnableForAllUsers": false,
  "PopupDefaultPosition": true,
  "ExactMatchUrl": false,
  "maxSessionRecordingLimit": 120,
  "Exclude": [ "http://*" ],
  "ExcludeException": [],
  "PerExtensionOverride": [
    {
      "id": "mfpddejbpnbjkjoaicfedaljnfeollkh",
      "ConfigSSUrl": "https://SomeURL/SecretServer",
      "ConfigDomain": "",
      "HideConfigPage": true,
      "HideSettingPage": false,
      "SettingUserSSLogin": true,
      "SettingPrompToSave": true,
      "SettingShowPopup": true,
      "SettingHideReadOnlyFolders": true,
      "SettingEnableAutoPopulate": true,
      "EnableForAllUsers": false,
      "PopupDefaultPosition": false,
      "ExactMatchUrl": true,
      "maxSessionRecordingLimit": 120,
      "Exclude": [
        "http://*",
        "http://endoftheinternet.com",
        "https://www.MyCompanySite.com",
        "https://live.com/"
      ],
      "ExcludeException": [
        "https://MyCompanySite.com/Login.html",
        "https://login.live.com/login.srf"
      ]
    },
    {
      "id": "kjldmpkefedgljefehmmfifbhnjngmbh",
      "ConfigSSUrl": "https://localhost/SecretServer/",
      "ConfigDomain": "",
      "HideConfigPage": false,
      "HideSettingPage": false,
      "SettingUserSSLogin": false,
      "SettingPrompToSave": false,
      "SettingShowPopup": false,
      "SettingHideReadOnlyFolders": false,
      "SettingEnableAutoPopulate": false,
      "PopupDefaultPosition": false,
      "ExactMatchUrl": false,
      "maxSessionRecordingLimit": 120,
      "Exclude": [ "http://*" ],
      "ExcludeException": []
    },
    {
      "id": "dd1e31d5-3623-45cb-b1ad-64074d36b360@thycotic.com",
      "HideConfigPage": false
    },
    {
      "id": "eemnnadjdifcpkcnpalolohpepihhbbo"
    }
  ]
}
Configuring Boolean and Session Settings
Customize your settings.json file to control Web Password Filler’s behavior. Use boolean options and session durations to adjust menu placement, URL matching, and how long sessions are recorded.
To configure boolean and session settings:
- Open the settings.json file in your text editor.
- Set the boolean setting for the menu position:
  - Set it to true to place the menu in the upper right corner.
  - Set it to false to display the pop-up below the credentials field.
- Set the boolean setting for URL matching:
  - Set it to true to accept only URLs that match the specified pattern.
  - Set it to false to allow partial URL matches.
- Enter a session recording duration. The default value is 120 minutes, and the maximum is 480 minutes.
- Scroll to the section labeled with the browser's identification code and enter a different session recording duration value to override the default for that specific browser.
- Save the settings.json file.
Parameter | Default | Description |
---|---|---|
chromeExtensionId | "mfpddejbpnbjkjoaicfedaljnfeollkh" | This is the ID required for the Chrome browser registration. |
edgeExtensionId | "kjldmpkefedgljefehmmfifbhnjngmbh" | This is the ID required for the Edge browser registration. |
operaExtensionId | "eemnnadjdifcpkcnpalolohpepihhbbo" | This is the ID required for the Opera browser registration. |
firefoxExtensionId | "dd1e31d5-3623-45cb-b1ad-64074d36b360@thycotic.com" | This is the ID required for the Firefox browser registration. |
ConfigSSUrl | "https://SomeURL/SecretServer" | This is the URL for your Secret Server instance. |
ConfigDomain | "local" | This is the domain identifier: either local or your corporate network domain. |
SettingUserSSLogin | true | Boolean that sets the checkbox to enable the Secret Server Login option. |
SettingPrompToSave | true | Boolean that sets the checkbox to enable the Prompt to Save option. |
SettingShowPopup | true | Boolean that enables login credentials to pop up automatically. If false, you need to click the Delinea checkmark. |
SettingEnableAutoPopulate | true | Boolean that sets the checkbox to enable the Auto Populate option for secrets and passwords. |
EnableForAllUsers | false | Boolean specifying if the Native Messaging Host is available under the local user context only or made available for all users. If set to true, it allows all users on the machine to access the settings.json file as long as it's in a shared location. If set to false it only applies to the current logged in user no matter where the file is stored. Changes impacting the registry keys also require admin permissions if EnableForAllUsers is set to true. |
PopupDefaultPosition | true | Boolean that positions the menu in the upper right corner of the screen. If false the popup appears below the credentials fields. |
ExactMatchUrl | false | Boolean that configures WPF to recognize only exact URL matches. |
maxSessionRecordingLimit | 120 | The number of minutes allowed for a session recording. Default is 120 minutes and maximum allowed is 480 minutes. |
Exclude | [list] | Refer to Excluding Sites and Making Exceptions below. Accepts wildcards. |
ExcludeException | [list] | Refer to Excluding Sites and Making Exceptions below. Does NOT accept wildcards. |
SecretServerLoginWindo | false | If disabled, the login window opens in a new tab in the same browser. |
matchSessionByHost | true | If enabled, uses the host/origin instead of the base domain to determine whether two tabs record to the same session. If disabled, uses the base domain. Enabled by default, that is, sessions are matched by host/origin. |
PerExtensionOverride | Contains a section for each browser type, with custom values for the 15 settings described in this table (ConfigSSUrl, ConfigDomain, HideConfigPage, etc.). | If a value in this section differs from the default value established at the top of the JSON file, the value here takes precedence for that browser, and overrides the default value. |
Excluding Sites and Making Exceptions
You configure exclusions and exceptions in Web Password Filler to control which websites the extension interacts with, ensuring it fills credentials only on authorized login pages. This prevents the extension from interfering with registration forms or other non-login pages.
To exclude sites and make exceptions:
- Open the settings.json file for the Native Messaging Host using a text editor.
- Go to the Native Messaging Host settings.
- In the Exclude section, enter a wildcard such as https://* and/or http://* to exclude all sites.
- In the ExcludeException section, add the exact URL of each login page you want WPF to interact with, omitting any query strings. For example, https://MyCompanySite.com/login.aspx
Use wildcards only in the Exclude section and always use the precise URL in the ExcludeException section.
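The rules above and in the parameter table can be checked locally before deployment. This added example (not Delinea's code) computes the effective settings for each browser, then flags a session recording limit above 480 minutes and ExcludeException entries that contain a wildcard, a query string or a space. It assumes an override list replaces the default list rather than extending it; the sample file is constructed and trimmed to the keys being checked.

```python
import json

ID_KEYS = ("chromeExtensionId", "edgeExtensionId",
           "operaExtensionId", "firefoxExtensionId")
MAX_MINUTES = 480  # maximum for maxSessionRecordingLimit per the table above


def effective(settings, ext_id):
    """Top-level defaults with the matching PerExtensionOverride on top."""
    merged = {k: v for k, v in settings.items() if k != "PerExtensionOverride"}
    for override in settings.get("PerExtensionOverride", []):
        if override.get("id") == ext_id:
            merged.update((k, v) for k, v in override.items() if k != "id")
    return merged


def lint(settings):
    """Return (browser key, problem) pairs for rules stated on this page."""
    problems = []
    known = {settings[k] for k in ID_KEYS if k in settings}
    for override in settings.get("PerExtensionOverride", []):
        if override.get("id") not in known:
            problems.append(("override", f"unknown id {override.get('id')!r}"))
    for key in (k for k in ID_KEYS if k in settings):
        eff = effective(settings, settings[key])
        limit = eff.get("maxSessionRecordingLimit", 120)  # 120 is the default
        if type(limit) is not int or limit > MAX_MINUTES:
            problems.append((key, f"maxSessionRecordingLimit {limit!r}"))
        for url in eff.get("ExcludeException", []):
            for bad, why in (("*", "wildcard"), ("?", "query string"), (" ", "space")):
                if bad in url:
                    problems.append((key, f"{why} in ExcludeException {url!r}"))
    return problems


# Constructed sample in this page's format; the Edge override has three mistakes.
SAMPLE = json.loads("""{
  "chromeExtensionId": "mfpddejbpnbjkjoaicfedaljnfeollkh",
  "edgeExtensionId": "kjldmpkefedgljefehmmfifbhnjngmbh",
  "maxSessionRecordingLimit": 120,
  "Exclude": ["https://*", "http://*"],
  "ExcludeException": ["https://MyCompanySite.com/login.aspx"],
  "PerExtensionOverride": [{"id": "kjldmpkefedgljefehmmfifbhnjngmbh",
    "maxSessionRecordingLimit": 600,
    "ExcludeException": ["https://*.live.com/login.srf?wa=1"]}]
}""")

if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```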
Setting UI Behavior Based on Preferences
You can update UI behavior settings to control user access and tailor the application's configuration to your organization's needs. These settings are controlled by editing the settings.json file, which the application reads to determine which preferences and server details are visible or changeable in the UI.
To set your UI behavior settings:
- Open the settings.json file in a text editor.
- Set each preference on the Preferences page to true or false.
- Enter the Secret Server URL and Domain as strings (text wrapped in quotation marks).
You can choose to hide the preferences and configuration pages from end users by setting the appropriate flags in this file, preventing unauthorized changes.
Managing Error Messages
The native-messaging file records error messages and stores them in the same folder where you install the Native Messaging Host. You use the error messages in this file to troubleshoot issues or provide details when you contact Delinea support services.
Error Message | Meaning | Resolution |
---|---|---|
There are elements missing from settings.json. Review the documentation and update settings.json with the missing attributes. | settings.json is missing required elements. | Review the settings.json format, ensure all elements are present, and verify the file is well formatted. |
This application must be run as an administrator when registering for All Users. | The 'EnableForAllUsers' setting is true, but the user lacks administrator permissions to update the registry key. | Run the application as an administrator to register the Native Messaging Host for all users. |
To register the Native Messaging Host, run cmd.exe ThycoticMessagingHost.exe --register To unregister the Native Messaging Host, run cmd.exe ThycoticMessagingHost.exe --unregister Press any key to exit. | ThycoticMessagingHost.exe was executed without a required command line option. | Use --register or --unregister as a command line argument when running ThycoticMessagingHost.exe. |
Incorrect command line. Review the documentation to register or unregister this application. | Only --register and --unregister are valid command line options. | Review the documentation and use only the supported command line options to register or unregister. |