How to use a custom user-password app for site configuration

The installation of browser extensions may not be always possible for the user, which means sites that require the AVG Browser Extension cannot be used in some cases. It is however possible to configure some sites using a Custom User-Password app instead.

The compatibility of the Custom User-Password app is completely dependent on the login implementation of the target site itself. This app can only be used with login pages which do not require cookies or header information to be passed.

Note: The Centrify Browser Extension logs the user in by loading the login page first, and then automatically filling in the credentials for them. This means that to the webpage, this is no different than if the user entered the credentials themselves. The Custom User-Password app is different as it bypasses the login page and submits the form information directly to the login request URL. This method will not work for all login pages, for example with some sites that require dynamic information to be submitted with the login attempt (such as timestamps, session IDs, etc). For login pages that only require static variables, the Generic User-Password app can usually be used to login. The capture tools shown in this KB require a recent version of Chrome or Firefox installed.

Steps to capture login variables:

1. Open Chrome or Firefox and navigate to the login page of the target site.
2. Right-click anywhere on the page and select Inspect element.
3. In the Developer Tools panel that pops up, click Network tab and clear out any existing entries that are in there. Make sure Preserve log is enabled.

Chrome/Firefox:

1. Log into the target site as normal, the Network panel will start to show a log of activity as the browser logs the user in.
2. After the user is logged in, look near the top of the Network logs for the entry that uses the POST method and click into it. This is entry that recorded the login request to the site.
3. In the Headers section, copy out the Request URL and save this for later.
4. Chrome/Firefox (Press the [ Edit and Resend ] button to make the text selectable): Extract the variable names and any additional values that were submitted to the site.
5. In Chrome, scroll down to see the Form Data section.
6. In Firefox, click the Params section.
7. Log into the Cloud Manager and configure a new Custom User-Password app: Application Settings > URL > Enter the Request URL that was captured in Step 3.
8. Advanced > Script > Replace the sample script entries with the variable names and values captured.
9. In the above example, the captured form data shows that the variable names for the login username and password are "email" and "password". This means the Advanced script can be edited as:

   response.AddFormField("email", encode(LoginUsername));
   response.AddFormField("password", encode(LoginPassword));
   

   Some login pages will send additional info with the username and password.

For example if the form data is captured as:

login-user: myUserName
login-pass: Pa$$w0rd
action: [Submit]
option-selection: 4
option-keepme: true  

Then the script will look like this: 

response.AddFormField("login-user", encode(LoginUsername)); 
response.AddFormField("login-pass", encode(LoginPassword)); 
response.AddFormField("action", "[Submit]"); 
response.AddFormField("option-selection", "4"); 
response.AddFormField("option-keepme", "true");

Note: Notice the user's actual username and password are NOT saved in the script, these are saved on a per-user basis and will be automatically substituted into the request via the encode(LoginUsername) and encode(LoginPassword) parameters. Configure the rest of the app options as needed and then save and deploy the app. When the users click on the custom app for the first time, they will be prompted for their credentials for the target site. Once the credentials are saved, they will submitted directly to the login page without the need for the AVG Browser Extension. For further information and additional scripting options, see the User-Password Scripting Guide in the AVG Cloud Service Online Help.