We are disabling non-time limited auto-login links on May 15th, 2020. After that date, your users won't be able to use those links to log in. If you saw a warning in your helpdesk with a link to this article we identified that you still use unlimited auto-login links in some capacity.
If you saw a link to this article on top of your helpdesk then you are using some features that are going to be disabled on May 15th.
Links that look like this:
http://Helpdesk_Url/User/AutoLogin?username=xxx&email=yyy&userHash=HASH
When a user clicks on a link like this he gets logged in automatically without the need to enter a login and a password.
The userHash component of a link has to be calculated like this:
SHA256(name + email + shared-secret + day + month)
And then truncated to 28 chars.
Previously you were not required to add day and month components into it, so links with a hash like this MD5(name + email + shared-secret) still work, but they are going to stop working on May 15th, 2020.
1. If you are using IIS script to authenticate your users
The script makes use of auto-login links behind the scenes. You need to download an updated version.
Go to Administration - General settings and scroll to the very bottom of the page. You can download the updated script in the "Active directory" section. Please open your current script and the updated one in a text editor. At the top of your current script, there are settings that you need to move to the new script. Specifically, make sure you move sSharedSecret and sReturnURL to the new script.
2. If you are using auto-login links for other reasons
Add day and month components to your auto-login links. Your userHash should look like:
SHA256(name + email + shared-secret + day + month)
and truncate the result to 28 chars The day and month values should be the current day of the month, and the current month formatted as two digits, so "January 1st" should become "0101". You can find all the details in this article.