Hi Team,
Requirement: Need to restrict users to log in to the agent mobile app based on their department
Solution: I have modified the condition in the Installation Exist > MultiSSO Login
Note : MultiSSO login overide the Login
Issue: unable to restrict users from login as of now, attaching the script code below
gs.include("PrototypeServer");
gs.include("SSO_Helper");
var MultiSSOLogin = Class.create();
MultiSSOLogin.prototype = {
initialize: function() {
},
process: function() {
// the request is passed in as a global
var userName = request.getParameter("user_name");
var userPassword = request.getParameter("user_password");
var user = GlideUser;
var isMobile = gs.isMobile();
if (GlideStringUtil.notNil(userName)) {
gs.log("Test Mobile Logging using normal DB" + userName + " isMobile? " + isMobile);
if (isMobile == "true") {
gs.log("Test Mobile Logging using normal DB 1" + userName + " isMobile? " + gs.isMobile());
var gr_user = new GlideRecord("sys_user");
gr_user.addEncodedQuery("u_servicenow_departmentINIT-AUS,IT-CAN,IT-EMEA,IT-GLO,IT-SA,IT-USA");
gr_user.addQuery("user_name", userName);
gr_user.query();
if (gr_user.next()) {
gs.log("Test Mobile : User id " + gr_user.user_name + " was success logging in @ " + gs.now());
request.getSession().setAttribute("glide.authenticate.multisso.login.method", "db");
SSO_Helper.clearCookie(SNC.SSOUtils.SSOID());
return user.getUser(userName);
} else {
gs.log("Test Mobile : User id " + gr_user.user_name + " was blocked logging in @ " + gs.now());
this.loginFailed();
// response.sendRedirect("logout_redirect.do"); //incase you want the user to get redirected to some page. Not tested but may work
return "login.failed";
}
} else {
var authed = user.authenticate(userName, userPassword);
gs.log("Test Mobile Logging using normal DB 2" + userName + " isMobile? " + gs.isMobile() + "authed" + authed);
if (authed) {
gs.log("Test Mobile Logging authed" + authed.toString() + " isMobile? " + gs.isMobile()); //This works perfect
// it logined with normal DB creds in a multisso environment.
request.getSession().setAttribute("glide.authenticate.multisso.login.method", "db");
SSO_Helper.clearCookie(SNC.SSOUtils.SSOID());
gs.log("Test Mobile : User id " + user.getUser(userName) + " was success logging in @ " + gs.now());
return user.getUser(userName);
}
}
} else if (SNC.AuthenticationHelper.isMutualAuth()) {
var userLoginName = user.authenticateMutualAuthToken();
if (userLoginName != null) {
SSO_Helper.clearCookie(SNC.SSOUtils.SSOID());
gs.log("Test Mobile : User id " + user.getUser(userLoginName) + " was blocked logging in @ " + gs.now());
return user.getUser(userLoginName);
}
}
this.loginFailed();
gs.log("Test Mobile Logging failed " + userName + " isMobile? " + gs.isMobile());
return "login.failed";
},
loginFailed: function() {
var sysMessage = GlideSysMessage;
var gs = GlideSession.get();
if (request.getSession().getAttribute("glide.authenticate.local.login.method") == "certificate") {
var message = sysMessage.format("cert_login_invalid");
gs.addErrorMessage(message);
} else if (GlideController.exists("glide.auth.policy.ui.error.message")) {
var authPolicyError = GlideController.getGlobal("glide.auth.policy.ui.error.message");
if (GlideStringUtil.notNil(authPolicyError)) {
gs.addErrorMessage(sysMessage.format(authPolicyError));
}
} else {
var message = sysMessage.format("login_invalid");
gs.addErrorMessage(message);
}
}
};
