Example custom scripts for Password Reset
Summarize
Summarized using AI
This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.
Summary of Example Custom Scripts for Password Reset
This content provides example custom scripts designed to extend and customize the ServiceNow Password Reset application. These scripts demonstrate how to perform user account lookups, process identification forms, define credential stores, and create identification types. The examples illustrate how to implement and invoke extension points to tailor password reset workflows to specific organizational requirements.
Show less
Key Features
- User Account Lookup: A sample extension script that performs a lookup for a user account by returning the supplied user ID. This script is categorized under
passwordreset.extension.useraccountlookupand can be invoked programmatically to identify users during the password reset process. - Identification Form Processor: A sample extension script that processes identification forms submitted during password reset. It extracts user identifiers from form parameters and returns the user’s sysid or null if not found. This script falls under
passwordreset.extension.identificationformprocessor. - Credential Store Definition: The user account lookup extension example can be used to define credential stores, which are necessary for configuring user lookup in password reset processes.
- Extension Script Setup and Invocation: Examples include helper functions to retrieve the sysid of extension scripts based on name and category. Scripts show how to set up parameters and invoke extension points using
SNC.PwdExtensionPointandSNC.PwdExtensionPointParameterobjects. - Script Include Records: XML snippets illustrate how to create or update script include records for these extensions, including metadata such as descriptions, categories, and active status.
Practical Application for ServiceNow Customers
- These scripts enable customers to customize how user identification and account lookup happen during password reset workflows, allowing for integration with various identity verification methods.
- By defining credential stores and identification types, customers can link password reset processes to external systems or internal user directories, enhancing security and automation.
- The helper function to retrieve script include sysids facilitates dynamic invocation of extension scripts without hardcoding values, promoting maintainability.
- Understanding and adapting these sample scripts helps customers implement tailored password reset mechanisms that fit their organizational policies and technical environments.
The example scripts perform a user account lookup and processes an identification form, define a credential store, and create an identification type.
Perform a user account lookup and process an identification form
The main script calls two extension scripts, one to perform the user account lookup, and the other to process the identification form.// User account lookup
var lookupExtensionSysId = getExtensionScriptSysId('SampleUserAccountLookupExtension', 'user_account_lookup');
var lookupExtension = new SNC.PwdExtensionPoint(lookupExtensionSysId);
// Setup parameters required for this extension type - userId
var params = new SNC.PwdExtensionPointParameter() ;
params.userId= 'joe.employee';
// Invoke the extension
var answer = lookupExtension.process(params);
gs.print('user: ' + answer);
//Form processor sample - Identification form processor
var identExtensionSysId = getExtensionScriptSysId('SampleIdentificationProcessorExtension', 'identification_form_processor');
var identificationExtension = new SNC.PwdExtensionPoint(identExtensionSysId);
// Setup parameters required for this extension type - processId
var params = new SNC.PwdExtensionPointParameter() ;
params.processId = 'pwdreq1234';
// Simulate the posted form parameter for the indentification processor
var request = new SNC.PwdExtensionPointParameter() ; // A real life case will inject it's own request object
request.setParameter('sysparm_user_id', 'joe.employee');
var userIdentity = identificationExtension.processForm(params, request);
gs.print('identity: ' + userIdentity);
// Simple helper to return the sys-id for a given extension script
function getExtensionScriptSysId(scriptName, category) {
var result;
var now_GR = new GlideRecord('sys_script_include');
gr.addQuery('name', scriptName);
gr.addQuery('script', 'CONTAINS', 'category: \'password_reset.extension.' + category + '\'');
gr.query();
if (gr.next() ) {
result = gr.getValue('sys_id');
}
return result;
}Define a credential store
The following is an example of an extended process function in the User Account Lookup category used to define a credential store. To create this extension script, go to and create a new script as described in Create an Extension Script. To configure the User Lookup in a Password Reset process, see Credential Stores.
<?xml version="1.0" encoding="UTF-8"?>
<record_update table="sys_script_include">
<sys_script_include action="INSERT_OR_UPDATE">
<active>true</active>
<client_callable>false</client_callable>
<description>Simple account lookup that returns the supplied user id</description>
<name>SampleUserAccountLookupExtension</name>
<script><![CDATA[var SampleUserAccountLookupExtension = Class.create();
SampleUserAccountLookupExtension.prototype = {
category: 'password_reset.extension.user_account_lookup', // DO NOT REMOVE THIS LINE!
/**********
* Returns the credential-store account id for a given user
*
* @param params.userId The sys-id of the user being checked (table: sys_user)
* @return The credential-store account-id (string) for a given user
**********/
process: function(params) {
return params.userId;
},
type: 'SampleUserAccountLookupExtension'
};]]></script>
<sys_created_by>admin</sys_created_by>
<sys_created_on>2013-07-30 16:44:55</sys_created_on>
<sys_id>2df5a103d73201002bb9af728e610333</sys_id>
<sys_mod_count>1</sys_mod_count>
<sys_updated_by>admin</sys_updated_by>
<sys_updated_on>2013-07-30 16:46:00</sys_updated_on>
</sys_script_include>
<sys_app_file action="INSERT_OR_UPDATE">
<customer_update>false</customer_update>
<publish_override/>
<replace_on_upgrade>false</replace_on_upgrade>
<restore/>
<sys_app/>
<sys_code>!!1W4/</sys_code>
<sys_created_by>admin</sys_created_by>
<sys_created_on>2013-07-30 16:44:55</sys_created_on>
<sys_id>8306e143d73201002bb9af728e6103d3</sys_id>
<sys_mod_count>0</sys_mod_count>
<sys_name>SampleUserAccountLookupExtension</sys_name>
<sys_parent/>
<sys_path>!!1W4/</sys_path>
<sys_policy/>
<sys_source_deleted>false</sys_source_deleted>
<sys_source_id>2df5a103d73201002bb9af728e610333</sys_source_id>
<sys_source_table>sys_script_include</sys_source_table>
<sys_type>code</sys_type>
<sys_update_name>sys_script_include_2df5a103d73201002bb9af728e610333</sys_update_name>
<sys_updated_by>admin</sys_updated_by>
<sys_updated_on>2013-07-30 16:46:00</sys_updated_on>
</sys_app_file>
</record_update>
Create an identification type
The following is an example of an extended processForm function in the Identification Form Processor category that can be used to create an identification type. To create this extension script, go to and create a new script as described in Create an Extension Script.
<?xml version="1.0" encoding="UTF-8"?>
<record_update table="sys_script_include">
<sys_script_include action="INSERT_OR_UPDATE">
<active>true</active>
<client_callable>false</client_callable>
<description>Script that processes an identification form.
Returns the sys-id of the user that corresponds to the requested input; if no user was found, null should be returned.
</description>
<name>SampleIdentificationProcessorExtension</name>
<script><![CDATA[var SampleIdentificationProcessorExtension = Class.create();
SampleIdentificationProcessorExtension.prototype = {
category: 'password_reset.extension.identification_form_processor', // DO NOT REMOVE THIS LINE!
/**********
* Process the identification form request, and returns the user's sys_id. if user was not identified return null.
*
* @param params.processId The sys-id of the calling password-reset process (table: pwd_process)
* @param request The form request object. fields in the form can be accessed using: request.getParameter('<element-id>')
* Supported request paramters:
* sysparm_user_id - the user identifier value entered in the form.
* @return The sys-id of the user that corresponds to the requested input; if no user was found, null should be returned.
**********/
processForm: function(params, request) {
return request.getParameter('sysparm_user_id') + '_' + params.processId;
},
type: 'SampleIdentificationProcessorExtension'
};]]></script>
<sys_created_by>admin</sys_created_by>
<sys_created_on>2013-07-30 17:00:28</sys_created_on>
<sys_id>3a79a503d73201002bb9af728e610349</sys_id>
<sys_mod_count>1</sys_mod_count>
<sys_updated_by>admin</sys_updated_by>
<sys_updated_on>2013-07-30 17:08:41</sys_updated_on>
</sys_script_include>
<sys_app_file action="INSERT_OR_UPDATE">
<customer_update>false</customer_update>
<publish_override/>
<replace_on_upgrade>false</replace_on_upgrade>
<restore/>
<sys_app/>
<sys_code>!!1W5/</sys_code>
<sys_created_by>admin</sys_created_by>
<sys_created_on>2013-07-30 17:00:28</sys_created_on>
<sys_id>4799ed03d73201002bb9af728e610333</sys_id>
<sys_mod_count>0</sys_mod_count>
<sys_name>SampleIdentificationProcessorExtension</sys_name>
<sys_parent/>
<sys_path>!!1W5/</sys_path>
<sys_policy/>
<sys_source_deleted>false</sys_source_deleted>
<sys_source_id>3a79a503d73201002bb9af728e610349</sys_source_id>
<sys_source_table>sys_script_include</sys_source_table>
<sys_type>code</sys_type>
<sys_update_name>sys_script_include_3a79a503d73201002bb9af728e610349</sys_update_name>
<sys_updated_by>admin</sys_updated_by>
<sys_updated_on>2013-07-30 17:08:41</sys_updated_on>
</sys_app_file>
</record_update>Use the process and processForm extensions
This example shows a script that uses two sample extensions, one process extension and one processForm extension.
// User account lookup
var lookupExtensionSysId = getExtensionScriptSysId('SampleUserAccountLookupExtension','user_account_lookup');
var lookupExtension =new SNC.PwdExtensionPoint(lookupExtensionSysId);
// Setup parameters required for this extension type - userId
var params =new SNC.PwdExtensionPointParameter();
params.userId='joe.employee';
// Invoke the extension
var answer = lookupExtension.process(params);
gs.print('user: '+ answer);
//Form processor sample - Identification form processor
var identExtensionSysId = getExtensionScriptSysId('SampleIdentificationProcessorExtension','identification_form_processor');
var identificationExtension =new SNC.PwdExtensionPoint(identExtensionSysId);
// Setup parameters required for this extension type - processId
var params =new SNC.PwdExtensionPointParameter();
params.processId='pwdreq1234';
// Simulate the posted form parameter for the indentification processor
var request =new SNC.PwdExtensionPointParameter();// A real life case will inject it's own request object
request.setParameter('sysparm_user_id','joe.employee');
var userIdentity = identificationExtension.processForm(params, request);
gs.print('identity: '+ userIdentity);
// Simple helper to return the sys-id for a given extension scriptfunction
getExtensionScriptSysId(scriptName, category){
var result;
var now_GR =new GlideRecord('sys_script_include');
gr.addQuery('name', scriptName);
gr.addQuery('script','CONTAINS','category: \'password_reset.extension.'+ category +'\'');
gr.query();
if(gr.next()){
result = gr.getValue('sys_id');}return result;}process
function:
<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_script_include"><sys_script_include action="INSERT_OR_UPDATE"><active>true</active><client_callable>false</client_callable><description>Simple account lookup that returns the supplied user id</description><name>SampleUserAccountLookupExtension</name><script><![CDATA[var SampleUserAccountLookupExtension =Class.create();
SampleUserAccountLookupExtension.prototype={
category:'password_reset.extension.user_account_lookup',// DO NOT REMOVE THIS LINE!
/**********
* Returns the credential-store account id for a given user
*
* @param params.userId The sys-id of the user being checked (table: sys_user)
* @return The credential-store account-id (string) for a given user
**********/
process:function(params){return params.userId;},
type:'SampleUserAccountLookupExtension'
};]]></script><sys_created_by>admin</sys_created_by><sys_created_on>2013-07-3016:44:55</sys_created_on><sys_id>2df5a103d73201002bb9af728e610333</sys_id><sys_mod_count>1</sys_mod_count><sys_updated_by>admin</sys_updated_by><sys_updated_on>2013-07-3016:46:00</sys_updated_on></sys_script_include><sys_app_file action="INSERT_OR_UPDATE"><customer_update>false</customer_update><publish_override/><replace_on_upgrade>false</replace_on_upgrade><restore/><sys_app/><sys_code>!!1W4/</sys_code><sys_created_by>admin</sys_created_by><sys_created_on>2013-07-3016:44:55</sys_created_on><sys_id>8306e143d73201002bb9af728e6103d3</sys_id><sys_mod_count>0</sys_mod_count><sys_name>SampleUserAccountLookupExtension</sys_name><sys_parent/><sys_path>!!1W4/</sys_path><sys_policy/><sys_source_deleted>false</sys_source_deleted><sys_source_id>2df5a103d73201002bb9af728e610333</sys_source_id><sys_source_table>sys_script_include</sys_source_table><sys_type>code</sys_type><sys_update_name>sys_script_include_2df5a103d73201002bb9af728e610333</sys_update_name><sys_updated_by>admin</sys_updated_by><sys_updated_on>2013-07-3016:46:00</sys_updated_on></sys_app_file></record_update>processForm
function:
<?xml version="1.0" encoding="UTF-8"?><record_update table="sys_script_include"><sys_script_include action="INSERT_OR_UPDATE"><active>true</active><client_callable>false</client_callable><description>Script that processes an identification form.
Returns the sys-id of the user that corresponds to the requested input;if no user was found,null should be returned. </description><name>SampleIdentificationProcessorExtension</name><script><![CDATA[var SampleIdentificationProcessorExtension =Class.create();
SampleIdentificationProcessorExtension.prototype={
category:'password_reset.extension.identification_form_processor',// DO NOT REMOVE THIS LINE!
/**********
* Process the identification form request, and returns the user's sys_id. if user was not identified return null.
*
* @param params.processId The sys-id of the calling password-reset process (table: pwd_process)
* @param request The form request object. fields in the form can be accessed using: request.getParameter('<element-id>')
* Supported request paramters:
* sysparm_user_id - the user identifier value entered in the form.
* @return The sys-id of the user that corresponds to the requested input; if no user was found, null should be returned.
**********/
processForm:function(params, request){return request.getParameter('sysparm_user_id')+'_'+ params.processId;},
type:'SampleIdentificationProcessorExtension'
};]]></script><sys_created_by>admin</sys_created_by><sys_created_on>2013-07-3017:00:28</sys_created_on><sys_id>3a79a503d73201002bb9af728e610349</sys_id><sys_mod_count>1</sys_mod_count><sys_updated_by>admin</sys_updated_by><sys_updated_on>2013-07-3017:08:41</sys_updated_on></sys_script_include><sys_app_file action="INSERT_OR_UPDATE"><customer_update>false</customer_update><publish_override/><replace_on_upgrade>false</replace_on_upgrade><restore/><sys_app/><sys_code>!!1W5/</sys_code><sys_created_by>admin</sys_created_by><sys_created_on>2013-07-3017:00:28</sys_created_on><sys_id>4799ed03d73201002bb9af728e610333</sys_id><sys_mod_count>0</sys_mod_count><sys_name>SampleIdentificationProcessorExtension</sys_name><sys_parent/><sys_path>!!1W5/</sys_path><sys_policy/><sys_source_deleted>false</sys_source_deleted><sys_source_id>3a79a503d73201002bb9af728e610349</sys_source_id><sys_source_table>sys_script_include</sys_source_table><sys_type>code</sys_type><sys_update_name>sys_script_include_3a79a503d73201002bb9af728e610349</sys_update_name><sys_updated_by>admin</sys_updated_by><sys_updated_on>2013-07-3017:08:41</sys_updated_on></sys_app_file></record_update>