Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-4902: How to configure login variables on a Custom User-Password app

App Access Service ,   Privileged Access Service ,  

9 September,19 at 04:37 PM

Applies to: Centrify Privileged Access Service


 How to configure login variables on a Custom User-Password app?

User-added image


The compatibility of the Custom User-Password app is completely dependent on the login implementation of the target site itself.
This app can only be used with login pages which do not require cookies or header information to be passed.

  • The Centrify Browser Extension logs the user in by loading the login page first, and then automatically filling in the credentials for them. This means to the web page, this is no different than if the user entered the credentials themselves.
  • The Custom User-Password app is different as it bypasses the login page and submits the form information directly to the login request URL.
  • This method will not work for all login pages, for example with some sites that require dynamic information to be submitted with the login attempt (such as timestamps, session IDs, etc).
  • For login pages that only require static variables, the Generic User-Password app can usually be used to login.
  • The capture tools shown in this KB require a recent version of Chrome or Firefox installed.

Steps to capture login variables
  1. Open Chrome or Firefox and navigate to the login page of the target site.
  2. Right-click anywhere on the page and select "Inspect element"
  3. In the Developer Tools panel that pops up, click to the "Network" tab and clear out any existing entries that are in there. Make sure "Preserve log" is enabled.
    • Chrome
      User-added image
    • Firefox
      User-added image
  4. Log into the target site as normal, the Network panel will start to show a log of activity as the browser logs the user in.
  5. After the user is logged in, look near the top of the Network logs for the entry that uses the POST method and click into it. This is the recorded entry for the login request to the site.
  6. In the "Headers" section, copy out the "Request URL" and save this for later.
    • Chrome
      User-added image
    • Firefox (Press the [ Edit and Resend ] button to make the text selectable)
      User-added image
  7. Extract the variable names and any additional values that were submitted to the site
    • In Chrome, scroll down to see the "Form Data" section
      User-added image
    • In Firefox, click to the "Params" section
      User-added image
  8. Log into the Cloud Manager and configure a new Custom User-Password app
    • Application Settings > URL > Enter the Request URL that was captured in Step 6
    • Advanced > Script > Replace the sample script entries with the variable names and values captured in Step 7
      • In the above example, the captured form data shows that the variable names for the login username and password are "email" and "password". This means the Advanced script can be edited as:

        response.AddFormField("email", encode(LoginUsername));
        response.AddFormField("password", encode(LoginPassword));

      • Some login pages will send additional info with the username and password, for example if the form data is captured as:

        login-user: myUserName
        login-pass: Pa$$w0rd
        action: [Submit]
        option-selection: 4
        option-keepme: true

      • Then the script will look like this:

        response.AddFormField("login-user", encode(LoginUsername));
        response.AddFormField("login-pass", encode(LoginPassword));
        response.AddFormField("action", "[Submit]");
        response.AddFormField("option-selection", "4");
        response.AddFormField("option-keepme", "true");

      • Note: Notice the user's actual username and password are NOT saved in the script, these are saved on a per-user basis and will be automatically substituted into the request via the encode(LoginUsername) and encode(LoginPassword) parameters.
  9. Configure the rest of the app options as needed and then save and deploy the app.
  10. When the users click on the custom app for the first time, they will be prompted for their credentials for the target site. Once the credentials are saved, they will submitted directly to the login page without the need for the Centrify Browser Extension.

For further information and additional scripting options, see the User-Password Scripting Guide in the Centrify Cloud Service Online Help