[THIN] Re: 2 Access Gateways different default logon points?

  • From: "peter_dibbens" <peter_dibbens@xxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Mon, 16 Mar 2009 20:42:42 +1000

Hi Jamie,

 

If you insert this code into Basepage.aspx it will check the MAC address of
the CAGs (in my example I had 2 internet facing and 2 Extranet facing, i.e. 2
factor and single factor for the Extranet). All 4 CAGs were in the same
Farm, with 4 AAC Servers, and all were load balanced using an F5 appliance.
Basically I needed to hide the single factor logon point from the internet.

 

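<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<%
// MAC address of the CAG the request came through ("" if the header is missing)
string strServer = Request.ServerVariables["HTTP_CAGE_EXTERNALCONNECTION"] + "";

// Stop rendering the page unless the request came through one of the listed CAGs
if (strServer != "00404883f890" && strServer != "00404883f876")
{
    Response.End();
}
%>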

 

If the MAC address does not equal one of the stated examples the script
exits and the page is not displayed. Note the MAC address above is in bold
and should be changed to suit your environment.

 

Now there are many ways you could change this short piece of code to do the
same thing however this is what I used and it works fine.

 

As always please test this in your own environment and use at your own risk,
this change will be unsupported by Citrix. Remember if you redeploy logon
points basepage.aspx will be overwritten.

 

This worked perfectly for my customer using AAC Version 4.2.x.

 

Thanks Peter D
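
An added example, not part of Peter's post or Citrix's code: the same header check written as an allowlist that fails closed, so a missing or malformed HTTP_CAGE_EXTERNALCONNECTION value is denied, and that goes beyond the post by tolerating upper-case and separator characters. It assumes the gateway itself sets this header and replaces any copy sent by the client; the class and method names are hypothetical.

```csharp
using System;
using System.Text;

// Added example: hypothetical helper for the Basepage.aspx check described above.
public static class GatewayAllowList
{
    // MAC addresses as shown in the post; replace with your own gateways.
    private static readonly string[] AllowedMacs = { "00404883f890", "00404883f876" };

    // Reduce a MAC to 12 lower-case hex digits; return null if it is not one.
    public static string Normalize(string raw)
    {
        if (raw == null) return null;
        StringBuilder sb = new StringBuilder(12);
        foreach (char c in raw.Trim())
        {
            if (c == ':' || c == '-' || c == '.') continue;  // common separators
            if (!Uri.IsHexDigit(c)) return null;             // anything else: reject
            sb.Append(char.ToLowerInvariant(c));
        }
        return sb.Length == 12 ? sb.ToString() : null;
    }

    // Fail closed: a missing, empty or malformed value is never allowed.
    public static bool IsAllowed(string headerValue)
    {
        string mac = Normalize(headerValue);
        return mac != null && Array.IndexOf(AllowedMacs, mac) >= 0;
    }

    // In the page this would be called as:
    //   if (!GatewayAllowList.IsAllowed(
    //           Request.ServerVariables["HTTP_CAGE_EXTERNALCONNECTION"]))
    //   { Response.StatusCode = 403; Response.End(); }
    public static void Main()
    {
        // Constructed sample header values, not captured from a real gateway.
        string[] samples = { "00404883f890", "00-40-48-83-F8-76", "", null, "00404883f8aa" };
        foreach (string s in samples)
            Console.WriteLine("{0,-20} -> {1}", s ?? "(missing)",
                              IsAllowed(s) ? "show logon point" : "deny");
    }
}
```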

 

 

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of James Scanlon
Sent: Monday, 16 March 2009 10:01 AM
To: Thin
Subject: [THIN] Re: 2 Access Gateways different default logon points?

 

It would be great if you could send through the code for the basepage.aspx,
if you have it handy? That's exactly what we are trying to achieve....
Thanks again for your very helpful information!!

James
 

  _____  

From: peter_dibbens@xxxxxxxxxxx
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: 2 Access Gateways different default logon points?
Date: Mon, 16 Mar 2009 08:41:47 +1000

Hi,

Simply put, you can't segregate the CAGs within AAC; they will be treated as
a single entity. Also if both the CAGs are using different FQDNs (likely)
then that can cause issues with the Secure Access Client.

 

However, all said and done, I have had to make this work for a larger customer
in the past. The way around it is to add some code to the basepage.aspx to
detect the MAC address of the CAG, i.e. the one you may want the logon point
to be displayed upon.

There are other potential ways that this could be achieved, by say third
party load balancers or even NetScaler.

 

If you want the code for basepage.aspx let me know.

 

The reason this was implemented was to allow internet facing logon point RSA
2 Factor, internal Logon point Single Factor.

 

 

Thanks Peter

 

 

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of James Scanlon
Sent: Saturday, 14 March 2009 1:32 PM
To: Thin
Subject: [THIN] 2 Access Gateways different default logon points?

 

Greetings again all you fabulous list legends!
 
Quick one hopefully!?
 
I have 2 Gateway Devices both pointing to the same AAC server.
 
I want to have 1 gateway device support LDAP and RSA (it's available
externally).
I want the other to have just LDAP (it's only available internally).

From what I can tell the advanced authentication methods can only be set up
per logon point, however I can't find a way to have 2 different CAGs point to
different default logon points (under the same AAC server).
 
Am I missing something really simple?
 
Cheers and best wishes
James
 
