ServiceDesk

 View Only
Expand all | Collapse all

Skip Authentication Window - SD 7.5

  • 1.  Skip Authentication Window - SD 7.5

    Posted Mar 14, 2014 07:13 AM

    Hello,

    In our environment, users clear 2 step authentication when they attempt access to ServiceDesk Console using servicedesk.xxxxx.com is visited.:

    Step 1: NTLM Authentication where we need to enter our Domain ID and Password.

    Step 2: ProcessManager Authentication, where again we may enter our Domain ID or Email Address and relevant Password. However, you get the Step 2 authentication only if you fail to get cleared at Step 1 i.e. user hits cancel at the first step.

    Attached are the windows I am referring to.

    1. Would it be possible to disable the first step and users should directly to Step 2 i.e. to the ServiceDesk console authentication when servicedesk.xxxxx.com is visited?

    2. Also, would it be possible to change the the 'Forgot Password' text on ServiceDesk console login page to something like 'Click here to request a password reset' ?

    Thanks in advance.

    Thanks
    Snm1502



  • 2.  RE: Skip Authentication Window - SD 7.5

    Posted Mar 14, 2014 09:48 AM

    1. Probably, but I don't know how. Sorry.

    2. The text for that can be changed directly in the .aspx file, I believe. C:\Program Files\Symantec\Workflow\ProcessManager\Login.aspx.



  • 3.  RE: Skip Authentication Window - SD 7.5

    Posted Mar 14, 2014 09:50 AM

    I believe the first window comes up when you enable AD Authentication in the process manager settings (admin>portal>master settings).

    If your computers are on the domain, you could setup passthrough authentication and eliminate all the logging in.

    Chrome gets its settings from IE in regards auto-login/passthrough authentication. If you put your domain in either local intranet or trusted sites in Internet Options (we have *.domain.com in a group policy) and set User Authenication to auto login, you shouldnt have to log in at all from IE or Chrome, it would just read your logged in domain user account.



  • 4.  RE: Skip Authentication Window - SD 7.5

    Posted Mar 17, 2014 01:31 AM

    Hello Pmj0383,

    I unchecked the AD Authentication box in Process Manager with AD Integration settings, however, after that I am unable to login to Process Manager at all. It says invalid user name / password. Have tried combinations of Domain\user id, user id and email address, however, no luck.

    Please advise.

    Thanks
    Snm1502



  • 5.  RE: Skip Authentication Window - SD 7.5

    Posted Mar 18, 2014 12:07 AM

    Hello,

    Anyone with any leads? No one is able to to login to DEV environment at all due to which many DEV activities are on hold?

    Please advise.

    Thanks
    Snm1502



  • 6.  RE: Skip Authentication Window - SD 7.5
    Best Answer

    Posted Mar 18, 2014 07:20 AM

    Sorry, you definitely still need the AD Authentication check box enabled if you are syncing from AD, I'm just saying that from what I've read, when you enable it, it automatically enables passthrough authentication at the same time (step 1).

    I think the only way to "get rid of it", at least for domain clients, is to get pass through auth working correctly by settings the configuration of your domain clients (either add the site to trusted sites or local intranet). This way your domain clients just go to the website and skip step 1 and 2.

    Maybe a Symantec employee can chime in, but you are basically asking to get rid of Integrated Windows Authentication and use only Forms-based Authentication.



  • 7.  RE: Skip Authentication Window - SD 7.5

    Posted Mar 18, 2014 07:43 AM

    Hello Pmj0383,

    Agreed, however, the current situation is AD CheckBox is unchecked and so it wont even let me in the console. everytime I try says invalid id / password which makes sense as the AD account is synced but authentication is now disabled.

    So now my priority is to get logged in first. Is there a way to enable the AD Authentication check box from any of config files or any other place?

    Thanks
    snm1502



  • 8.  RE: Skip Authentication Window - SD 7.5

    Posted Mar 18, 2014 07:52 AM

    You can't login with the admin@symantec.com account that is the default admin? If not, I believe there are some ways to reset that.



  • 9.  RE: Skip Authentication Window - SD 7.5
    Best Answer

    Posted Mar 18, 2014 09:28 AM

    First, you should really check that AD box again. Like pmj says, you need that and ideally would use the pass through authentication. Failing pass through, I've got a partial solution to your pop-up authentication box issue.

    Digging through the login.aspx file, it seems that if the URL string includes a get variable of "Authentication" which is set to true, you don't see the authentication box. I just tested on my SD box and found that

    http://YourHost/ProcessManager/login.aspx?Authenticated=true

    put my straight to the login page without the pop-up box. To make it a full solution, you'd probably want to use some sort of URL rewrite code to direct users to that URL automatically, though you could also probably modify the javascript in the login.aspx file to accomplish the same thing.

    EDIT:

    Yes, I was able to change the login.aspx file to skip the authentication box. In the function "CanAuthenticate", change:

    catch (e) {
        ShowLoginControls();
    }

    To:

    catch (e) {
        window.location = window.location + '?Authenticated=true';
        setTimeout)ShowLoginControls, 3000);
    }

    Now, as usual, there may be some very good reasons to not do this, so use at your own risk. I'm sure Symantec would not support it and it would likely be destroyed on upgrade or reinstall.

    EDIT 2:

    Upon further testing, the above didn't work. Using a much-too-large hammer, I decided to comment out everything in the "CanAuthenticate" function and simply put in one line of:

    ShowLoginControls();

     



  • 10.  RE: Skip Authentication Window - SD 7.5

    Posted Apr 03, 2014 08:40 AM

    We have got the Admin Account password reset by using an utility (ChangeAdminPassword) provided under ProcessManager folder and the got the AD authentication enabled.