Using Web Interface 5.x to send the full UPN username to a RADIUS server
Posted on September 2nd, 2009
Situation
Web Interface 5.1 (or 5.x)
Two-factor authentication server is RADIUS
All user accounts use the full UPN name to log in (e.g. user.name@domain.com)
Problem
By default, Web Interface does not send the full UPN username to the RADIUS server, so the two-factor authentication fails.
Resolution
The following file needs to be edited to force Web Interface to send the full UPN username to the two factor authentication RADIUS server.
C:\Inetpub\wwwroot\Citrix\RADIUS\app_code\PagesJava\com\citrix\wi\pageutils\TwoFactorAuth.java
The method that requires changing is public static String getUserName(UPNCredentials token, boolean fullyQualified) at line 131.
It should be changed to:
public static String getUserName(UPNCredentials token, boolean fullyQualified) {
    // Original logic, commented out: it sent either DOMAIN\shortname or the short name only.
    /*if (fullyQualified) {
        return token.getShortDomain() + "\\" + token.getShortUserName();
    } else {
        return token.getShortUserName();
    }*/
    return token.getUserIdentity(); // This returns the full UPN as entered by the user
}
Web Interface 5.1 will now send the full UPN name to the RADIUS server.
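To confirm the change, check the User-Name attribute (type 1, RFC 2865) of the Access-Request that reaches the RADIUS server. The following is an added example, not part of the original post or of Citrix code: it parses a RADIUS UDP payload and reports whether the username is in UPN form. The function names and the sample packets are constructed here for illustration.

```python
import struct

USER_NAME = 1       # RADIUS attribute type 1 = User-Name (RFC 2865)
ACCESS_REQUEST = 1  # RADIUS packet code 1 = Access-Request

def build_access_request(username: str, identifier: int = 7) -> bytes:
    """Build a constructed Access-Request carrying only User-Name (sample data)."""
    value = username.encode("utf-8")
    attr = bytes([USER_NAME, len(value) + 2]) + value
    authenticator = bytes(16)  # zeroed placeholder, not a real authenticator
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attr))
    return header + authenticator + attr

def radius_user_name(packet: bytes) -> str:
    """Return the User-Name attribute of a RADIUS Access-Request payload."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    pos = 20  # attributes start after code, id, length and authenticator
    while pos + 2 <= length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute")
        if attr_type == USER_NAME:
            return packet[pos + 2:pos + attr_len].decode("utf-8")
        pos += attr_len
    raise ValueError("no User-Name attribute")

def is_full_upn(name: str) -> bool:
    """True for user@domain form; False for DOMAIN\\user or a bare short name."""
    local, sep, domain = name.partition("@")
    return bool(local) and sep == "@" and bool(domain) and "\\" not in name

if __name__ == "__main__":
    # Constructed samples: the three username forms the method could produce.
    for sent in ("user.name@domain.com", "DOMAIN\\user.name", "user.name"):
        name = radius_user_name(build_access_request(sent))
        print(f"{name!r}: full UPN = {is_full_upn(name)}")
```

Feed `radius_user_name` the UDP payload of a captured Access-Request from a test logon; after the edit it should return the UPN exactly as the user typed it.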
References
Previous versions of Web Interface have different files that need to be edited.
