Using cURL to Automate ServiceDesk Plus Authentication


Use command line program cURL to successfully login to Manage Engine ServiceDesk Plus

Why? This opens the doors for automation!  My team has utilized this to automate tasks like password resets across multiple Active Directory Domains and to reset Linux passwords.

The longer a password reset ticket sits in your queue, the less work the end user is getting done, this effects Project Timelines and overall company profitability.  If you do one thing, you should automate password resets!

Required Tools


  1. cURL Application

    • Mac/Linux – Comes with the Operating System
    • Windows – Download directly from the Homepage
  • HTTP Protocol Analyzer (I Recommend Charles or Firebug)

    • LiveHTTPHeaders An extremely useful tool that allows you to track ALL incoming and outgoin HTTP headers when you’re using Mozilla, Firefox or Netscape.
    • Wireshark Network analyzer deluxe. When “curl –trace” and LiveHTTPHeaders just ain’t enough.
    • tcpdump The original network analyzer. Powerful and command-line driven.
    • Charles HTTP monitor (Windows/Mac 30 day trial)
    • Firebug HTTP Monitor (Firefox/Chrome Add-on, free)

    Crafting the cURL Command

    This section will detail how to craft the cURL command to login to Manage Engine Service Desk Plus

    Variables that you must change

    For the purposes of this demonstration I am using the following URL/username/password (you will need to change based on your environment):

    • URL:
    • Username: user1
    • Password: Password1

    Record Your Login to Service Desk

    At this point you will need to fire up whatever tool you are using to capture the HTTP POST request your browser sent to Manage Engine Service Desk Plus.

    What are you looking for?

    Rows Explained:

    1.  200 GET on PATH /  (Your initial request to load your Service Desk Website)
    2. 302 POST  on PATH /j_security_check (This is your recorded login to the Service Desk Website)

    A text version can be seen below (highlighted in red are variables you need to change):

    POST /j_security_check HTTP/1.1Accept: text/html, application/xhtml+xml, */*Referer: en-USUser-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)Content-Type: application/x-www-form-urlencodedAccept-Encoding: gzip, deflateHost: servicedesk.example.comContent-Length: 267Connection: Keep-AliveCache-Control: no-cacheCookie: JSESSIONID=4E10E8247B182D885A8E92F66A476F0A; 382RequestsshowThreadedReq=showThreadedReqshow; 382RequestshideThreadedReq=hideThreadedReqhide; [object]=hide; itassetslinks=show; nonitassetslinks=hide; Components=hide; viewlinks=hide; Softwarediv=hide; 382Adminhelpexp=helpexpshow; 382Adminhelpcoll=helpcollhidePragma: no-cache

    Build the cURL request

    Sample cURL request to login to Manage Engine Service Desk Pro (the text after the -d parameter may be different based on how your app is authenticating, refer to output from previous section):

    curl -k -v -c cookies -b cookies -L --referer "" -A "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)" -d "j_username=user1&j_password=Password1&domain=LDAP&LDAPEnable=true&hidden=Select+a+Domain&hidden=For+Domain&AdEnable=false&DomainCount=0&LocalAuth=No&LocalAuthWithDomain=No&dynamicUserAddition_status=false&localAuthEnable=true&logonDomainName=-1&loginButton=Login"

    Sample Output From Valid cURL Login Request



    Q: What if you are getting a response like this?

    HTTP/1.1 400 Invalid direct reference to form login pageSet-Cookie: JSESSIONID=F7CF9A95F340134A69457A8D082F0363; Path=/; SecureContent-Type: text/html;charset=utf-8Content-Length: 1062Date: Thu, 10 May 2012 18:42:46 GMTServer: Apache-Coyote/1.1Connection: closeExpires: 0Cache-Control: no-cache
    - - Error report 

    HTTP Status 400 - Invalid direct reference to form login page

    type Status report

    message Invalid direct reference to form login page

    description The request sent by the client was syntactically incorrect (Invalid direct reference to form login page).


    A: You Must browse to first, then login (you just logged in without browsing to the home page first, consequently the referrer was never passed!).  If you are using cURL you must pass this parameter:

    --referer ""

    You Can Learn More About the ManageEngine Product Line By Going to

    The original article/video can be found at Using cURL to Automate ServiceDesk Plus Authentication

    Leave a Reply

    %d bloggers like this: