06 Sep Anytime password change with NetScaler Gateway Clientless Access
Per default NetScaler Gateway only permits users to change their password once it´s set to change at next login. It’s a widely known fact that password change only works, if your LDAP authentication policy is configured to communicate securely via TLS or SSL.
But what if you want to allow your users to change their password any time? I think the easiest way to configure this is to use a feature called Clientless VPN (cvpn).
To enable clientless access you have to modify some settings in NetScaler Gateway Session Profile:
In the tab Client Experience set Home Page to “portal/homepage.html” and Clientless Access to “On”. Next make sure to set ICA Proxy to “OFF” under the tab Published Applications.
As you can see, at least if you understand german, in the right corner there is the option to change the password (Kennwort ändern) next to the log off (Abmelden) button.
Even if the use case of this is just a proof of concept, the design of the portal mode is not overwhelming. I´m going to show you how to hide the WebSites and fileshare frame as well as the menu. Also I will hide the header of the Citrix Web Interface Site as it contains its own log off button which only logs off the web interface session and not the whole NetScaler Gateway session. Of course it would be possible to implement that, but I think one log off button should be sufficient 🙂
First you need a tool to modify the homepage.html on the NetScaler. You can use putty if you are familiar with vi or you can use WinSCP to do graphically.
Browse to /netscaler/portal/templates and open homepage.html
To hide the websites section:
Search for TD id=ctl00_webSitesContainerCell (for me it´s line 659) and enter display:none in the style attributes list. After modifying it should look like this:
<TD id=ctl00_webSitesContainerCell style="display: none; BORDER-RIGHT: #999999 1px solid; BORDER-TOP: #999999 1px solid; BORDER-LEFT: #999999 1px solid; WIDTH: 33%; BORDER-BOTTOM: #999999 1px solid" align=middle width="33%">
To hide the fileshare section:
Search for TD id=ctl00_fileSharesContainerCell (for me it´s line 673) and enter display:none in the style attributes list. After modifying it should look like this:
<TD id=ctl00_fileSharesContainerCell style="display:none; BORDER-RIGHT: #999999 1px solid; BORDER-TOP: #999999 1px solid; BORDER-LEFT: #999999 1px solid; WIDTH: 33%; BORDER-BOTTOM: #999999 1px solid" align=middle width="33%">
To hide the menu bar:
Search for DIV id=tabstrip style=”VISIBILITY (I´ve found it on line 537) and add display: none. The modified line looks like this:
<DIV id=tabstrip style="display: none; VISIBILITY: hidden; POSITION: relative">
The result is shown here:
Last step is to hide the header section of the web interface site. Login to your webserver and browse to inetpub. Open .CitrixXenAppapp_dataincludeheader.inc and append the most favorite style=”display:none” at the end of line 7.
// Copyright (c) 2002 - 2010 Citrix Systems, Inc. All Rights Reserved.
// Web Interface 220.127.116.11
<div id="headerWrapper" ">
<div id="header" style="display:none">
<table id="headerLeft" cellspacing="0">
That’s how your application list will look like (depending on the rest of your web interface configuration):
The change password site is as beautiful as expected, but at least it works great 🙂