Using Web Interface 5.x to send the full UPN username to a RADIUS server
Posted on September 2nd, 2009
Situation
Web Interface 5.1 (or 5.x)
Two factor authentication server is RADIUS
All user accounts use the full UPN name to login (i.e. user.name@domain.com)
Problem
By default, Web Interface does not send the full UPN username to the RADIUS server, so the two factor authentication fails.
Resolution
The following file needs to be edited to force Web Interface to send the full UPN username to the two factor authentication RADIUS server.
C:\Inetpub\wwwroot\Citrix\RADIUS\app_code\PagesJava\com\citrix\wi\pageutils\TwoFactorAuth.java
The method that requires changing is public static String getUserName(UPNCredentials token, boolean fullyQualified) at line 131
it should be changed to be:
public static String getUserName(UPNCredentials token, boolean fullyQualified) {
/*if (fullyQualified) {
return token.getShortDomain() + “\\” + token.getShortUserName();
} else {
return token.getShortUserName();
}*/
return token.getUserIdentity(); // This returns the full UPN as entered by the user
}
Web inteface 5.1 will now send the full UPN name to the RADIUS server.
References
Previous versions of Web Interface have different files that need to be edited.
Tags: edit, inetpub, radius, RSA SecurID, signify, two factor, UPN, username, web interface
Filed under Citrix Web Interface, Scripts/Reg | No Comments »
How to Configure Group Extraction when Using RSA with CAG Enterprise Edition
Posted on August 11th, 2008
How to Configure Group Extraction when Using RSA with Steel-Belted RADIUS
Originally posted here: CTX115467
Used with:
- RSA SecurID 6.1.1
- CAG Enterprise Edition (Netscaler 7000) 8.1 58.5
Tags: CAG, CAGEE, Citrix Access Gateway, Citrix Netscaler, CTX115467, group extraction, RSA SecurID, SecurID
Filed under Citrix Access Gateway, Citrix Netscaler, RSA SecurID | No Comments »