From Bright Pattern Documentation
Revision as of 04:00, 29 May 2024 by BpDeeplTranslateMaintenance (talk | contribs) (Updated via BpDeleteTranslateTags script)



Using the Password Reset Feature

External Validation Script Specification

Overview

The Password Reset Module includes functionality to support scripts that are defined by system administrators to provide an additional layer of security. The contents of the JSON body received by the API service are passed to STDIN, and the results are read by the service on STDOUT. In this way, the validation script is able to take user-specific information and compare it with results from another data source. This ensures that the API service is being used from a trusted source that has accurately identified the user to receive a new password.

Example

The following PowerShell script verifies a ServiceNow user during password reset. The user is validated in the scenario, and their phone number and employee number are passed to the external validation tool through the JSON body of the request. If the values match the external check against ServiceNow, the script returns success. Specifically, it writes a valid JSON string in which the field name and result value match the values specified in the configuration tool. In this example, those are "result" and "ok" respectively; any other output is considered "failed".

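# Placeholder credentials for the ServiceNow account used for the lookup.
$user = "sn_user"
$pass = "sn_password"
$table = "sys_user"
$instance = "https://instance.service-now.com"

# The JSON body received by the API service arrives on STDIN; parse it into an object.
$input_obj = ($input | Out-String) | ConvertFrom-Json
$username = $input_obj.request.user
$emp_num = $input_obj.emp_num
$phone = $input_obj.phone

# Build the Basic authentication header for the ServiceNow Table API.
$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $user, $pass)))
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add('Authorization',('Basic {0}' -f $base64AuthInfo))
$headers.Add('Accept','application/json')

# Look up the user record. The user name is URL-encoded so that it stays inside the sysparm_query value.
$uri = $instance + "/api/now/table/" + $table + "?sysparm_query=user_name=" + [uri]::EscapeDataString($username)
$method = "GET"
$response = Invoke-WebRequest -Headers $headers -Method $method -Uri $uri -ContentType "application/json"
$result = ConvertFrom-Json -InputObject $response.content

# Report "ok" on STDOUT only when exactly one record came back and both values are non-empty and match.
# Without the non-empty checks, a missing field compared with a missing record ($null -eq $null) would pass.
$record = @($result.result)
if($record.Count -eq 1 -And $emp_num -And $phone -And $emp_num -eq $record[0].employee_number -And $phone -eq $record[0].phone){ Write-Output '{"result":"ok"}'}
else {Write-Output '{"result":"fail"}'}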
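The comparison step of a validation script has to fail closed: in PowerShell `$null -eq $null` is true, so a bare equality check reports a match when the request omits the fields and the lookup returns no record. The following is an added example, not part of the original Bright Pattern page, that runs offline and puts a bare comparison beside a strict one; the function names and all JSON samples are constructed for illustration.

```powershell
# Added example: function names and sample data are constructed, not Bright Pattern code.
function Test-ClaimNaive($Request, $Lookup) {
    # Bare equality: missing values on both sides compare as $null -eq $null, which is $true.
    ($Request.emp_num -eq $Lookup.result[0].employee_number) -and
    ($Request.phone   -eq $Lookup.result[0].phone)
}

function Test-ClaimStrict($Request, $Lookup) {
    # Keep only real records; an unknown or ambiguous user is rejected outright.
    $records = @($Lookup.result | Where-Object { $null -ne $_ })
    if ($records.Count -ne 1) { return $false }
    # Every value taking part in the comparison must be present and non-blank.
    foreach ($v in $Request.emp_num, $Request.phone,
                   $records[0].employee_number, $records[0].phone) {
        if ([string]::IsNullOrWhiteSpace([string]$v)) { return $false }
    }
    ([string]$Request.emp_num -ceq [string]$records[0].employee_number) -and
    ([string]$Request.phone   -ceq [string]$records[0].phone)
}

# Constructed request bodies (Req) and ServiceNow-style lookup responses (Sn).
$cases = @(
    @{ Name = 'matching record'
       Req  = '{"request":{"user":"jdoe"},"emp_num":"E1001","phone":"555-0100"}'
       Sn   = '{"result":[{"employee_number":"E1001","phone":"555-0100"}]}' }
    @{ Name = 'wrong phone'
       Req  = '{"request":{"user":"jdoe"},"emp_num":"E1001","phone":"555-0199"}'
       Sn   = '{"result":[{"employee_number":"E1001","phone":"555-0100"}]}' }
    @{ Name = 'no record, fields omitted'
       Req  = '{"request":{"user":"nobody"}}'
       Sn   = '{"result":[]}' }
    @{ Name = 'blank fields on both sides'
       Req  = '{"request":{"user":"svc"},"emp_num":"","phone":""}'
       Sn   = '{"result":[{"employee_number":"","phone":""}]}' }
)

foreach ($c in $cases) {
    $req = $c.Req | ConvertFrom-Json
    $sn  = $c.Sn  | ConvertFrom-Json
    # The strict result is what the script would write to STDOUT for the service to read.
    $out = if (Test-ClaimStrict $req $sn) { '{"result":"ok"}' } else { '{"result":"fail"}' }
    '{0,-28} naive={1,-6} strict={2}' -f $c.Name, (Test-ClaimNaive $req $sn), $out
}
```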