Video Screencast Help

Customize ServiceDesk to Allow Manual AD Account Login Without Requiring "domain\" in the Username

Created: 28 Aug 2012 • Updated: 28 Aug 2012 | 1 comment
Language Translations
m.taylor's picture
+2 2 Votes
Login to vote

Where I work our users are not familiar with the idea of logging in to a system with the username format of DOMAIN\username or email address. To complicate things almost a third of our devices login to Windows with generic locked down accounts, which means ServiceDesk's passthrough authentication is useless on these machines. This required we try to find a way around the DOMAIN\ requirement in the username field. The following accomplishes this by checking for the domain name in the username field at submit and if it isn't there adds it. It also checks for an @ symbol and skips adding the domain name if this symbol is found, this allows ServiceDesk only accounts to still login using email address. Because client side javascript is used to accomplish this work there is a chance of behavior being different across browsers/versions, I've made an effort to use well supported methods that will work across all major browsers but I'm not a web developer.

This change will not break existing passthrough authentication, it is only useful for those situations where passthrough is unavailable.

Main Login (http://localhost/ProcessManager/):

Note: This change will be wiped by any Workflow Solution upgrade.

1. Backup Login.aspx located in \Program Files\Symantec\Workflow\ProcessManager

2. Replace with the attached file (Login.txt needs to be renamed Login.aspx), this will allow the username field to accept:

  • domain\username (no change from existing behavior)
  • email address (no change from existing behavior)
  • username (the point of this document)

3. If you want to confirm the changes yourself use a comparison application prior to change, there are 3 spots to update.

  • At the end of the second <script> block, before the <table> that has most of the page content add the following function:
function checkUserName() {
    var txtUserName = document.getElementById('ctl00_contentMain_txtUsername').value;
    if (txtUserName.search(/MYDOMAIN/i) == -1) {
        if (txtUserName.indexOf('@') > 0) {
            return;
        }
        var strDomain = 'MYDOMAIN\\';
        document.getElementById('ctl00_contentMain_txtUsername').value = strDomain.concat(txtUserName);
        return;
    }
}
  • Change MYDOMAIN in the previous function to the NETBIOS name of your domain (2 spots).
  • Next locate: <asp:Button id="lnkLogin" runat="server" Text="Login".... In this line find: OnClientClick="javascript:detect()" and add the bold text as shown: OnClientClick="javascript:detect();checkUserName();"
  • Final change is to locate: "function LoginClick()" near the end of the file. Add: "checkUserName();" (without quotes) on it's own line right after the { symbol below the function name.

The function checks for whether the username field includes the domain\ and if not prepends it. Considering how the last 2 changes can interact this is very important to leave in or when your users try to login it could use the format: "MYDOMAIN\MYDOMAIN\username". The function also allows for non-AD accounts that are email only for the username.

You should now be able to log in manually to the main login screen using only your AD username/password and with all major browsers.

Secondary login screens accessed without going through ProcessManager (ie. http://localhost/SD.Feeder.GeneralIncidentSubmitForm/)

This section is an example, and will have to be repeated everywhere a ServiceDesk Login component exists.

1. Open the SD.Feeder.GeneralIncidentSubmitForm project

2. Open the ServiceDesk Login Web Form Model

3. Right-click the Login button and Add a Custom Event in the Functionality tab.Event = onclick, Event Handler = checkUserName() (attached onclick.png).

4. Right-click the username text field, select Edit Component. Insert txtUserName into the Control ID field under the Functionality tab.

5. Return to the ServiceDesk Login Web Form Model, right click the open area and select Edit Form (checkUserNameFunction.png)

6. Open the Script section in the Behavior tab and add the following:

function checkUserName() {
var txtUserName = document.getElementById('txtUserName').value;
if (txtUserName.search(/MYDOMAIN/i) == -1) {
if (txtUserName.indexOf('@') > 0) {
return;
}
var strDomain = 'MYDOMAIN\\';
document.getElementById('txtUserName').value = strDomain.concat(txtUserName);
return;
}
}

7. Change MYDOMAIN in the previous function to the NETBIOS name of your domain (2 spots).

This should be all that's needed for the alternate login screens as well.

Comments 1 CommentJump to latest comment