In a previous post, I explained how to switch your complete ARS instance to case insensitive. But, is it really complete? No. Definitely not. There are some hidden functionalities that remain case sensitive, like the login system.

To turn the Remedy login system to case insensitive is something impossible to achieve. For Remedy, the user names are case sensitive, and this can’t be changed. But there are some tricks to help users think that they are in front of a case insensitive user login. The easiest of all is to change the login.jsp page of the mid-tier, including some Javascript code to allways turn the captioning to upper case, and maintain an Upper Case strategy in login names. Also, using this, it is easy to adapt the function to deny the web access to some individuals, create aliases or corporate processing (like a domain remover, since some users used to type “contoso/barry” as a login name.

NOTE: This is not a security option, only a usability enhancer. A hacker will have the option to send anything he wants directly to the servlet (a look at the source code of the login page will tell him everything about the login system) surpassing our login.jps protection.

Go to your login.jps file, which is located in the mid-tier shared folder, typically:

C:\BMC Software\ARSystem\midtier\shared

Now, add this script in the head section:

DataCopy Function

<script type="text/javascript">

function DataCopy() {
   if (document.loginForm.usernameid2.value.toUpperCase().substr(0,7)
      == "CONTOSO") {
      document.loginForm.usernameid.value =
         document.loginForm.usernameid2.value.toUpperCase().substr(8);
   } else {
      document.loginForm.usernameid.value =
         document.loginForm.usernameid2.value.toUpperCase();
   }
}

</script>

With this script you have the corporate removal and turn to upper case. It is easy to add some other functionalities. And also the use of AppAdmin or Demo accounts is forbidden from the web server.

Now we must duplicate the login username field like this:

DataCopy Function

<input name="<%=Params.USERNAME%>_"
       maxlength="<%=Params.USERNAME_LENGTH%>"
       id="usernameid2"
       value="<%=com.remedy.arsys.share.HTMLWriter.escape(name)%>"
       size="30"
       type="text"
       onchange="DataCopy();">

<input name="<%=Params.USERNAME%>"
       maxlength="<%=Params.USERNAME_LENGTH%>"
       id="usernameid"
       value="<%=com.remedy.arsys.share.HTMLWriter.escape(name)%>"
       size="30"
       type="hidden">

This is the best choice I found, since other javascript solutions didn’t work on all browsers.

You must apply this setting to all your mid-tier servers (in a HA configuration). And now your login system is case insensitive!.

This solution can’t be applied to the user tool, since there is no way of reprogramming it.

Posted on December 12, 2011 by Jose Huerta in Customization, Featured

One Response to Case Insensitive mid-tier login

Reply

Keith October 18, 2012
Does this make the usename case insensitive or does that mean I have to change usernames in my Active Directory to uppercase for this to work.

Case Insensitive mid-tier login

Recent Posts

Recent Comments

@TheRemedyForIT

One Response to Case Insensitive mid-tier login

Add a Comment

Liability clause

Archives

Case Insensitive mid-tier login

Recent Posts

Recent Comments

@TheRemedyForIT

Tags

One Response to Case Insensitive mid-tier login

Add a Comment

Liability clause

Archives