Please use docs.servicenow.com for the latest documentation.

This site is for reference purposes only and may not be accurate for the latest ServiceNow version

Installation Exits

From Wiki Archive
Jump to: navigation, search
Note
Note: This article applies to Fuji. For more current information, see Installation Exits at http://docs.servicenow.com

The ServiceNow Wiki is no longer being updated. Please refer to http://docs.servicenow.com for the latest product documentation.

Overview

Installation exits are customizations that exit from Java to call a script before returning back to Java. Navigate to System Definition > Installation Exits. Some installation exit names (Login, Logout, ValidatePassword, ExternalAuthentication) are reserved and cannot be changed. Other installation exits can override these with custom script that replaces the script in the default installation exit.

The following installation exits are available in the base system:

  • Login: takes a username and password pair and authenticates with the user object.
  • Logout: takes the user to the welcome page upon signing out; can be overridden by:
    • LogoutRedirect: takes the user to a specified URL upon signing out.
  • ExternalAuthentication: authenticates using header, parameter, or cookie; can be overridden by:
    • DigestSingleSignOn: authenticates using header, parameter, or cookie and decrypts Digest encryption.
    • PGPSingleSignOn: authenticates using header, parameter, or cookie and decrypts PGP encryption.
  • ValidatePassword: inactive by default; allows customers to define their own password validation; can be overridden by:
    • ValidatePasswordStronger: requires passwords be at least 8 characters long and contain a digit, an uppercase letter, and a lowercase letter.

Customizing Login for Selective Session Timeout

The following modification to the Login installation exit sets each user's session timeout value as the user is logging in. In this particular example, if the user name is admin, the session is set to timeout in 30 seconds.

Note
Note: These API calls changed in the Calgary release:
  • GlideUser replaces Packages.com.glide.sys.User
  • GlideSysMessage replaces Packages.com.glide.ui.SysMessage
  • GlideSession replaces Packages.com.glide.sys.GlideSession
  • EventManager replaces Packages.com.glide.policy.EventManager

The new script object calls apply to the Calgary release and beyond. For releases prior to Calgary, substitute the packages calls as described above. Packages calls are not valid beginning with the Calgary release. For more information, see Scripting API Changes.

<source lang="javascript"> gs.include("PrototypeServer");

var Login = Class.create(); Login.prototype = { initialize : function() { },

       process : function() {
         // the request is passed in as a global
         var userName = request.getParameter("user_name");
         var userPassword = request.getParameter("user_password");
         var authed = GlideUser.authenticate(userName, userPassword);
         if (authed) {
            // **********************************************************************************
            // customization - if the userName == admin, set the session timeout to be 30 seconds
            // you can implement your own session timeout algorithm here by checking to see
            // if a user belongs to a certain group or has a certain role
                         if (userName == "admin") {
              request.getSession().setMaxInactiveInterval(30);
            }
            // **********************************************************************************
            return GlideUser.getUser(userName);
         }
         this.loginFailed();
         return "login.failed";
       },
       loginFailed : function() {
         var message = GlideSysMessage.format("login_invalid");
         var gSession = GlideSession.get();
         gSession.addErrorMessage(message);
         var userName = request.getParameter("user_name");
         EventManager.queue("login.failed", "", userName, "");
      }

} </source>

Session timeout can also be set according to IP address.

<source lang="javascript"> gs.include("PrototypeServer");

var Login = Class.create(); Login.prototype = { initialize : function() { },

       process : function() {
         // the request is passed in as a global
         var userName = request.getParameter("user_name");
         var userPassword = request.getParameter("user_password");
         var authed = GlideUser.authenticate(userName, userPassword);
         if (authed) {
         // **********************************************************************************
         // customization - if the user is logging in from a particular IP range 
         // starting with XXX.XXX
         // you can implement your own session timeout algorithm here by 
         // checking the login IP
            
         var clientIP = gs.getSession().getClientIP().toString();
         if (clientIP.indexOf('XXX.XXX') == 0) {  // if client IP starts with specified range
            request.getSession().setMaxInactiveInterval(60 * 60 * 10); // set to 10 hours
         }
         // **********************************************************************************
            return GlideUser.getUser(userName);
         }
         this.loginFailed();
         return "login.failed";
       },
       loginFailed : function() {
         var message = GlideSysMessage.format("login_invalid");
         var gSession = GlideSession.get();
         gSession.addErrorMessage(message);
         var userName = request.getParameter("user_name");
         EventManager.queue("login.failed", "", userName, "");
      }

} </source>