Deprecating unlimited auto-login links

Creation date: 4/24/2020 4:26 AM    Updated: 4/24/2020 6:07 AM
We are disabling non-time limited auto-login links on May 15th, 2020. After that date, your users won't be able to use those links to log in. If you saw a warning in your helpdesk with a link to this article we identified that you still use unlimited auto-login links in some capacity. 

Why am I seeing this?

If you saw a link to this article on top of your helpdesk then you are using some features that are going to be disabled on May 15th. 

What are auto-login links? 

Links that look like this: http://Helpdesk_Url/User/AutoLogin?username=xxx&email=yyy&userHash=HASH When a user clicks on a link like this he gets logged in automatically without the need to enter a login and a password. 

What is going to be deprecated exactly? 

The userHash component of a link has to be calculated like this: MD5(name + email + shared-secret + day + month)

Previously you were not required to add day and month components into it, so links with a hash like this  MD5(name + email + shared-secret) still work, but they are going to stop working on May 15th, 2020. 

What should I do?

1. If you are using IIS script to authenticate your users
The script makes use of auto-login links behind the scenes. You need to download an updated version. 

Go to Administration - General settings and scroll to the very bottom of the page. You can download the updated script in the "Active directory" section. Please open your current script and the updated one in a text editor. At the top of your current script, there are settings that you need to move to the new script. Specifically, make sure you move sSharedSecret and sReturnURL to the new script.

2. If you are using auto-login links for other reasons
Add day and month components to your auto-login links. Your userHash should look like MD5(name + email + shared-secret + day + month). The day and month values should be the current day of the month, and the current month formatted as two digits, so "January 1st" should become "0101". You can find all the details in this article.





Jitbit Helpdesk ticketing system is our flagship product. Its a great helpdesk software app offered both as a hosted and "on-premise" versions.