Centrify Privileged Access ServiceQuestion:
How to configure login variables on a Custom User-Password app?Answer:
The compatibility of the Custom User-Password app is completely dependent on the login implementation of the target site itself.
This app can only be used with login pages which do not require cookies or header information to be passed.Notes:
Steps to capture login variables
- The Centrify Browser Extension logs the user in by loading the login page first, and then automatically filling in the credentials for them. This means to the web page, this is no different than if the user entered the credentials themselves.
- The Custom User-Password app is different as it bypasses the login page and submits the form information directly to the login request URL.
- This method will not work for all login pages, for example with some sites that require dynamic information to be submitted with the login attempt (such as timestamps, session IDs, etc).
- For login pages that only require static variables, the Generic User-Password app can usually be used to login.
- The capture tools shown in this KB require a recent version of Chrome or Firefox installed.
- Open Chrome or Firefox and navigate to the login page of the target site.
- Right-click anywhere on the page and select "Inspect element"
- In the Developer Tools panel that pops up, click to the "Network" tab and clear out any existing entries that are in there. Make sure "Preserve log" is enabled.
- Log into the target site as normal, the Network panel will start to show a log of activity as the browser logs the user in.
- After the user is logged in, look near the top of the Network logs for the entry that uses the POST method and click into it. This is the recorded entry for the login request to the site.
- In the "Headers" section, copy out the "Request URL" and save this for later.
- Firefox (Press the [ Edit and Resend ] button to make the text selectable)
- Extract the variable names and any additional values that were submitted to the site
- In Chrome, scroll down to see the "Form Data" section
- In Firefox, click to the "Params" section
- Log into the Cloud Manager and configure a new Custom User-Password app
- Application Settings > URL > Enter the Request URL that was captured in Step 6
- Advanced > Script > Replace the sample script entries with the variable names and values captured in Step 7
- In the above example, the captured form data shows that the variable names for the login username and password are "email" and "password". This means the Advanced script can be edited as:
- Some login pages will send additional info with the username and password, for example if the form data is captured as:
- Then the script will look like this:
- Note: Notice the user's actual username and password are NOT saved in the script, these are saved on a per-user basis and will be automatically substituted into the request via the encode(LoginUsername) and encode(LoginPassword) parameters.
- Configure the rest of the app options as needed and then save and deploy the app.
- When the users click on the custom app for the first time, they will be prompted for their credentials for the target site. Once the credentials are saved, they will submitted directly to the login page without the need for the Centrify Browser Extension.
For further information and additional scripting options, see the User-Password Scripting Guide
in the Centrify Cloud Service Online Help