Restrict users to login mobile app based on the department : Installation exist > Login , MultiSSO

ankit_dubey97
Tera Contributor

Hi Team,

 

Requirement: Need to restrict users to log in to the agent mobile app based on their department 

 

Solution: I have modified the condition in the Installation Exist > MultiSSO Login

 

Note : MultiSSO login overide the Login 

 

ankit_dubey97_0-1700128060553.png

Issue: unable to restrict users from login as of now, attaching the script code below 

gs.include("PrototypeServer");
gs.include("SSO_Helper");

var MultiSSOLogin = Class.create();
MultiSSOLogin.prototype = {
    initialize: function() {

    },

    process: function() {
        // the request is passed in as a global
        var userName = request.getParameter("user_name");
        var userPassword = request.getParameter("user_password");
        var user = GlideUser;
        var isMobile = gs.isMobile();
        if (GlideStringUtil.notNil(userName)) {
            gs.log("Test Mobile Logging using normal DB" + userName + " isMobile? " + isMobile);

            if (isMobile == "true") {
                gs.log("Test Mobile Logging using normal DB 1" + userName + " isMobile? " + gs.isMobile());

                var gr_user = new GlideRecord("sys_user");
                gr_user.addEncodedQuery("u_servicenow_departmentINIT-AUS,IT-CAN,IT-EMEA,IT-GLO,IT-SA,IT-USA");
                gr_user.addQuery("user_name", userName);
                gr_user.query();

                if (gr_user.next()) {

                    gs.log("Test Mobile : User id " + gr_user.user_name + " was success logging in @ " + gs.now());

                    request.getSession().setAttribute("glide.authenticate.multisso.login.method", "db");
                    SSO_Helper.clearCookie(SNC.SSOUtils.SSOID());
                    return user.getUser(userName);

                } else {
                    gs.log("Test Mobile : User id " + gr_user.user_name + " was blocked logging in @ " + gs.now());
                    this.loginFailed();
                    // response.sendRedirect("logout_redirect.do"); //incase you want the user to get redirected to some page. Not tested but may work
                    return "login.failed";

                }

            } else {
                var authed = user.authenticate(userName, userPassword);
                gs.log("Test Mobile Logging using normal DB 2" + userName + " isMobile? " + gs.isMobile() + "authed" + authed);

                if (authed) {

                    gs.log("Test Mobile Logging authed" + authed.toString() + " isMobile? " + gs.isMobile()); //This works perfect               

                    // it logined with normal DB creds in a multisso environment.
                    request.getSession().setAttribute("glide.authenticate.multisso.login.method", "db");
                    SSO_Helper.clearCookie(SNC.SSOUtils.SSOID());
                    gs.log("Test Mobile : User id " + user.getUser(userName) + " was success logging in @ " + gs.now());
                    return user.getUser(userName);
                }
            }

        } else if (SNC.AuthenticationHelper.isMutualAuth()) {
            var userLoginName = user.authenticateMutualAuthToken();
            if (userLoginName != null) {
                SSO_Helper.clearCookie(SNC.SSOUtils.SSOID());
                gs.log("Test Mobile : User id " + user.getUser(userLoginName) + " was blocked logging in @ " + gs.now());
                return user.getUser(userLoginName);
            }
        }

        this.loginFailed();
        gs.log("Test Mobile Logging failed " + userName + " isMobile? " + gs.isMobile());
        return "login.failed";
    },

    loginFailed: function() {
        var sysMessage = GlideSysMessage;
        var gs = GlideSession.get();
        if (request.getSession().getAttribute("glide.authenticate.local.login.method") == "certificate") {
            var message = sysMessage.format("cert_login_invalid");
            gs.addErrorMessage(message);
        } else if (GlideController.exists("glide.auth.policy.ui.error.message")) {
            var authPolicyError = GlideController.getGlobal("glide.auth.policy.ui.error.message");
            if (GlideStringUtil.notNil(authPolicyError)) {
                gs.addErrorMessage(sysMessage.format(authPolicyError));
            }
        } else {
            var message = sysMessage.format("login_invalid");
            gs.addErrorMessage(message);
        }
    }
};

@Sagar Patro @chadp 

0 REPLIES 0