Custom Scripting authentication
Custom Script lets you define your own authentication method. The administrator has full control over which prompts are displayed and how the authentication happens.
Prompts are not necessary if the device is set up for SSO and the device provides SSO data for authentication.
- Configure the prompts that will be used to collect user information by clicking the Prompts button. For more information, see Authentication Prompts dialog box.
- Enter the path to the VB.NET script that contains the code that will authenticate the user after the user has filled in the prompts at the device.
- If you have an existing script you want to use, you can click the browse button (...) next to the Script File box.
- You can also click the Edit Script Code button to open a script editor window with basic script code.
When creating a custom script, you can use the following predefined fields:
- authData.GetData("Username")
- authData.GetData("Password")
- authData.GetData("#IPAddress")
- authData.GetData("#DeviceUserName")
- authData.GetData("#DeviceDomain")
- authData.GetData("#DeviceEmail")
- authData.GetData("DOMAIN")
- authData.GetData("EMAIL_ADDRESS")
- authData.GetData("USER_ID")
- authData.GetData("IDENTIFIER")
- authData.GetData("DISPLAY_NAME")
These fields are not visible to the end user; they are used only by the SSO hooks to pass back data that the Unified Client populates. Which fields are populated depends on the data the authentication application provides, and it can differ by device and by authentication application.
Create a test script to see what fields are populated for the configured setup. With this data, a script can then be created to do what is needed.
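A sketch of such a test script follows. It is an added example, not code shipped with the product. The `AuthData` and `AuthResult` classes are stand-ins for the objects Unified Client passes in, `Probe` is a hypothetical entry-point name, and the sample values in `Main` are constructed. It reports which predefined fields arrive while withholding the password value and always denying the login.

```vbnet
Imports System
Imports System.Collections.Generic

' Stand-ins (assumptions) for the objects Unified Client passes to the script.
Public Class AuthData
    Public Fields As New Dictionary(Of String, String)
    Public Function GetData(name As String) As String
        Dim v As String = Nothing
        Fields.TryGetValue(name, v)
        Return v ' assumption: an unpopulated field comes back empty or Nothing
    End Function
End Class
Public Class AuthResult
    Public IsAuthenticated As Boolean
End Class

Public Module FieldProbe
    Private ReadOnly Names As String() = {"Username", "Password", "#IPAddress",
        "#DeviceUserName", "#DeviceDomain", "#DeviceEmail", "DOMAIN",
        "EMAIL_ADDRESS", "USER_ID", "IDENTIFIER", "DISPLAY_NAME"}

    ' Hypothetical entry point: keep the signature from the Edit Script Code template.
    Public Function Probe(authData As AuthData, result As AuthResult) As List(Of String)
        result.IsAuthenticated = False ' a probe script must never grant a login
        Dim report As New List(Of String)
        For Each n As String In Names
            Dim v As String = authData.GetData(n)
            If String.IsNullOrEmpty(v) Then
                report.Add(n & ": empty")
            ElseIf n = "Password" Then
                report.Add(n & ": populated (value withheld)") ' never record the secret
            Else
                report.Add(n & ": " & v)
            End If
        Next
        Return report
    End Function

    Sub Main()
        Dim a As New AuthData() ' constructed sample input, not real device data
        a.Fields("Username") = "jdoe"
        a.Fields("Password") = "not-a-real-password"
        a.Fields("#IPAddress") = "192.0.2.10"
        For Each entry As String In Probe(a, New AuthResult())
            Console.WriteLine(entry)
        Next
    End Sub
End Module
```

Where the report lines are written in a real deployment is left to the script author; remove the probe script once the field mapping is known.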
The following result field has to be populated by the script for the proper operation of Unified Client:
- result.IsAuthenticated
- true means that the login is valid.
- false means the login failed.
The following field should also be filled in; if LDAP integration is selected, you must populate it:
- result.UserInfo.UserName
If the user name provided is not in LDAP, the lookup will fail.
To add custom data to the ScanJob.xml file, include the following fields in the results:
- result.UserInfo.UserAttributes.Add("Attr1","Test 1")
- result.UserInfo.UserAttributes.Add("Attr2","Test 2")
- result.UserInfo.UserAttributes.Add("Attr3","Test 3")
- Select the Use an LDAP search to retrieve additional information check box if you need to look up the email address and other attributes about the authenticated user.
When Windows authentication is selected, the email address is retrieved automatically as part of the authentication, so an LDAP search is not required if only the email address is needed.
- If you select the Use an LDAP search to retrieve additional information check box, click Configure to enter the settings for the LDAP search.
This opens the LDAP Lookup Settings dialog box. For more information about options in this dialog box, see LDAP Lookup Settings dialog box.
- To test the search settings, enter a sample user name in the Username box and click Test.