Automated Login Using A HTA File

One of our clients had the concept of kiosks in particular locations, offices and factories. These kiosks were used to give users access to a number of applications for information. One of the things they wanted the kiosk to have access to was their ServiceNow knowledge base.

We didn’t want to make the knowledge base public because it contained sensitive information, and at the same time didn’t want the users to have to enter a username and password to log in.

I experimented with a login using an HTA file (the same technology as the Help the Help Desk functionality). The idea was that this could sit on the desktop and, when clicked, log in automatically to ServiceNow.

We never used this solution, but I thought the idea was interesting and one I hadn’t played with before, so I’m posting it here just as a concept.

So the approach was this (actual code at the end):

I created a new user record specific to each kiosk. The username was the Windows username that the kiosk was logged in with. On the user table, we created 2 new fields:

1) u_ip, which holds the IP address that is allowed to access ServiceNow using this account

2) u_automated_login, which is a True/False field that determines whether this user record can use automated login or not

Then I created an HTA file which reads the username of the logged-in user. It then does an HTTP POST with the same fields as the login.do page, except that it also passes an additional parameter, ‘automatedLogin’.

Editing the Login installation exit, I then check whether the additional parameter was passed through. If so, I check whether this user has the Automated Login checkbox ticked, and finally whether their IP address matches the one on record. If all of these pass, I log the user in automatically.

 

The HTA file I created is this (write it in Notepad and save it with an extension of .hta).

<html>
<head>
<title>Automated Login</title>
<HTA:APPLICATION
  ID="owlExampleHta"
  APPLICATIONNAME="OWLEXAMPLEHTA"
  SCROLL="no"
  SINGLEINSTANCE="yes"
  maximizeButton="no"
  minimizeButton="no"
  border="thick"
>
</head>
<script type="text/javascript">
// Build a copy of the login.do form and submit it as the logged-in Windows user.
function main() {
  var n = new ActiveXObject("WScript.Network");
  // DOMAIN\user when the machine is on a domain, otherwise just the user name
  var userName = n.UserDomain ? n.UserDomain + "\\" + n.UserName : n.UserName;
  var form = document.createElement('form');
  form.method = "post"; // login.do expects a POST; a form defaults to GET
  form.action = "https://dev10303.service-now.com/login.do";
  form.appendChild(doInput('user_name', userName));
  form.appendChild(doInput('user_password', ''));
  form.appendChild(doInput('ni.nolog.user_password', 'true'));
  form.appendChild(doInput('ni.noecho.user_name', 'true'));
  form.appendChild(doInput('language_select', 'en'));
  form.appendChild(doInput('remember_me', 'false'));
  form.appendChild(doInput('sys_action', 'sysverb_login'));
  form.appendChild(doInput('sysparm_login_url', 'welcome.do'));
  form.appendChild(doInput('not_important', ''));
  // Extra parameter that the Login installation exit looks for
  form.appendChild(doInput('automatedLogin', 'true'));
  document.body.appendChild(form);
  form.submit();
  window.close();
}
// Create one hidden form field.
function doInput(name, val) {
  var u = document.createElement("input");
  u.type = 'hidden';
  u.name = name;
  u.value = val;
  return u;
}
function init() {
  top.resizeTo(1,1);
  main();
}
</script>
<body onLoad="init()">
</body>
</html>

Very simply, it’s replicating the login.do form and entering the same fields as the login.do form would. The only ‘special’ thing it’s doing is reading the logged-in user’s Windows username to log in with.

Finally, to get this set up on the login, I edited the Login installation exit script.

I added the following code right after var user = GlideUser; :

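// userName is expected to be set earlier in the installation exit script
var auto = request.getParameter("automatedLogin");
if (auto == 'true') {
    // Named "session" so it does not shadow the global gs (GlideSystem) object
    var session = GlideSession.get();
    // Only active users with the automated login flag set are considered
    var gr = new GlideRecord('sys_user');
    gr.addQuery('user_name', userName);
    gr.addActiveQuery();
    gr.addQuery('u_automated_login', true);
    gr.setLimit(1);
    gr.query();
    if (gr.next()) {
        // Log in without a password only when the source IP matches the one on record
        if (session.getClientIP().toString() == gr.u_ip) {
            return user.getUser(userName);
        }
    }
}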

 

This looks for the automatedLogin parameter to be passed through and, if it’s there, checks whether the user has the ‘u_automated_login’ checkbox ticked, and finally checks whether the IP addresses match. If all of this passes, the user is let in.
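The check described above, modelled as a stand-alone function and run over constructed requests. This is an added example, not the post's code or a ServiceNow API: the user rows, IP addresses and the names allowAutomatedLogin, USERS, SAMPLES and runSamples are assumptions made for illustration, and it additionally fails closed when either IP address is blank.

```javascript
// Added example: stand-alone model of the automated-login gate (not ServiceNow code).
// Constructed sys_user rows; u_ip and u_automated_login are the post's custom fields.
const USERS = [
  { user_name: 'CORP\\kiosk01', active: true, u_automated_login: true, u_ip: '203.0.113.10' },
  { user_name: 'CORP\\kiosk02', active: true, u_automated_login: true, u_ip: '' },
  { user_name: 'CORP\\kiosk03', active: false, u_automated_login: true, u_ip: '203.0.113.12' },
  { user_name: 'CORP\\jsmith', active: true, u_automated_login: false, u_ip: '203.0.113.10' }
];

// true  -> log the user in without a password
// false -> fall through to the normal password check
function allowAutomatedLogin(params, clientIp, users) {
  if (params.automatedLogin !== 'true') return false;
  const name = String(params.user_name || '');
  const row = users.find(function (u) {
    return u.user_name === name && u.active === true && u.u_automated_login === true;
  });
  if (!row) return false;
  // Fail closed: a blank address on either side never counts as a match.
  const allowed = String(row.u_ip || '').trim();
  const seen = String(clientIp || '').trim();
  return allowed !== '' && seen !== '' && allowed === seen;
}

// Constructed requests: [description, form parameters, source IP].
const SAMPLES = [
  ['kiosk from its registered IP', { automatedLogin: 'true', user_name: 'CORP\\kiosk01' }, '203.0.113.10'],
  ['kiosk name from another IP', { automatedLogin: 'true', user_name: 'CORP\\kiosk01' }, '198.51.100.7'],
  ['blank u_ip and blank client IP', { automatedLogin: 'true', user_name: 'CORP\\kiosk02' }, ''],
  ['inactive kiosk account', { automatedLogin: 'true', user_name: 'CORP\\kiosk03' }, '203.0.113.12'],
  ['automated login not ticked', { automatedLogin: 'true', user_name: 'CORP\\jsmith' }, '203.0.113.10'],
  ['no automatedLogin parameter', { user_name: 'CORP\\kiosk01' }, '203.0.113.10']
];

// Evaluate every sample and return the decisions in order.
function runSamples() {
  return SAMPLES.map(function (s) {
    return { request: s[0], automated: allowAutomatedLogin(s[1], s[2], USERS) };
  });
}

runSamples().forEach(function (r) {
  console.log((r.automated ? 'ALLOW        ' : 'FALL THROUGH ') + r.request);
});
```

Only the first sample is allowed. The username and the automatedLogin parameter are both set by the client, so the source IP match is the one check standing in for the password, which is why the blank-address case has to fail closed.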

This HTA file could then be deployed to the kiosk desktop to trigger the automated login when clicked. The caveats are that the computer must be a Windows machine and have Internet Explorer. When opened, it’ll do the above process, and the next screen the user should see is a logged-in ServiceNow session.
