Regarding the path
The path should be the target of the post, that is, what the form is configured to post its reply to. No web service is equal to another and sometimes this might not be a possible approach. The web page may post back to itself for example. So if a path can not be used, for whatever reason, use a * as path. This means that all requests will be inspected. In that case it is better to replace the dummy strings with something that will not under any circumstances be posted, to make sure not to replace other values. It could, for example, be that the web service actually has a reference to the string secret_username and in that case secret_username should be replaced with something random. For example, replace secret_username with hag_secret_username_lesuhfow8h2. The scripts must be edited accordingly. In the case of problems or questions contact Nexus Technical Support.
Regarding the script variable in Inject_script
getElementById function calls are searching for the form fields Password, Username and LoginButton in the HTML of the login form. These are most likely named differently in other systems and must be updated accordingly by inspecting the HTML of the login form of the system that should be provided with SSO. These are typically the input fields where the user gives his/her credentials.