2 years ago
Verifying SSO Login Webcheck
Does anyone have any information or documentation on how to verify SSO login using a web check in the LM portal? I’ve reached out to support and have been told it’s as simple as just checking the aut...
Ok, for the synthetic check to verify someone can login into your LM portal via SSO, LM will need to answer that question (it’s their responsibility). Ask your CSM to have someone technical respond to this thread with instructions on how to do that.
As for the first web check, FreshService login, let’s get some clarity on what you are trying to test. Depending on how the website works, you can do this the easy way or the hard way.
The easy way: If the website uses basic authentication (i.e. not a web page based login), you can point the webcheck to a page that you must be logged in to see. Set the web check to require authentication and put the credentials in the webcheck (use properties, it’s marginally safer/better). The webcheck will try to pull up the protected page, the server will request basic auth credentials, the webcheck will pass basic auth credentials, the server will log you in and return the credential protected page. From there, you can check for a certain element or object or text on that page or you can just check for an http 2xx status code indicating success.
The hard(er) way: If, when you try to go to a page in FreshService that requires authentication and the webserver responds with an HTML page prompting you to login, you’ll need to do multiple steps. You’ll have to debug the login page and find out what HTTP request (probably a post) is done when you hit the login button. Since you appear to have some experience with the developer tools, you can probably figure this out without too much difficulty (respond here with screenshots for help, redact any private info). You’ll need to define the first step in your request to match that request, passing in the corresponding values for the username and password (and any other fields). Upon successful posting of the credentials, the server should respond with a page that you would only have access to after logging in. You can check for the presence of something on that page or you can look for an http 2xx code indicating success.