Custom Script is a way to create your own way to authenticate. The administrator has
full control on what prompts are displayed and how the authentication happens.
Prompts are not necessary if the device is setup for SSO, and the device provides SSO
data for authentication.
-
Configure the prompts that will be used to collect user information by clicking
the Prompts button. Form more information, see Authentication Prompts dialog box.
-
Enter the path to the VB.NET script that contains the code that will
authenticate the user after he has filled the prompts at the device.
- If you have an existing script you want to use you can click the browse
button (...) next to the Script
File box.
- You can also click the Edit Script Code button to
open a script editor window with basic script code.
When creating a custom script, you can use the following predefined
fields:
- authData.GetData("Username")
- authData.GetData("Password")
- authData.GetData("#IPAddress")
- authData.GetData("#DeviceUserName")
- authData.GetData("#DeviceDomain")
- authData.GetData("#DeviceEmail")
- authData.GetData("DOMAIN")
- authData.GetData("EMAIL_ADDRESS")
- authData.GetData("USER_ID")
- authData.GetData("IDENTIFIER")
- authData.GetData("DISPLAY_NAME")
These fields are not visible to the end user, these are only used by the SSO
hooks to pass back data that the Unified Client populates. The fields that
are populated depend on what data the authentication application provides.
It can be different by device and by authentication application.
Create a test script to see what fields are populated for the configured
setup. With this data, a script can then be created to do what is needed.
The following result field has to be populated by the script for the proper
operation of Unified Client:
- result.IsAuthenticated
- true means that the login is valid .
- false means the login failed.
The following field should be filled in. If LDAP integration is selected, you
must populate the following item:
To add custom data to the ScanJob.xml file, include the
following fields in the results:
- result.UserInfo.UserAttributes.Add("Attr1","Test 1")
- result.UserInfo.UserAttributes.Add("Attr2","Test 2")
- result.UserInfo.UserAttributes.Add("Attr3","Test 3")
-
Select the Use an LDAP search to retrieve additional
information check box if you need to look up the email address
and other attributes about the authenticated user.
Note: When windows authentication is selected the email address is retrieved
automatically as part of the authentication, so an LDAP search is not
required if only the email address is needed.
-
If you select the Use an LDAP search to retrieve additional
information check box, click Configure to
enter the settings for the LDAP search.
-
To test the search settings, enter a sample user name in the
Username box and click
Test.
Example of a custom script:
Option Strict Off
Imports System
Imports NSi.AutoStore.Capture.DataModel
Module Script
Sub CustomAuthenticate(ByVal authData As MetadataCollection, ByVal result As AuthResult)
'Sample custom authentication for a configuration with two authentication "Prompts...": username and password
'When defining the authentication Prompts, both username and password fields should be required using the ! checkbox option.
'The password filed should be masked using the # checkbox option for security reasons.
Dim username As String = authData.GetData("username") 'As client authenticated user's username
Dim password As String = authData.GetData("password") 'As client authenticated user's password
'In this sample we set the authentication result to true if the username matches the password.
result.IsAuthenticated = password = username
'Additionally, Custom User Attributes can be added to the result passed back to the client.
result.UserInfo.UserAttributes.Add("Attr1","Test 1")
result.UserInfo.UserAttributes.Add("Attr2","Test 2")
result.UserInfo.UserAttributes.Add("Attr3","Test 3")
'These will be returned with the scanned image's JobFile.XML and can be referenced during processing.
End Sub
End Module