ActivIdentity® Web Soft Token Option for Citrix® XenApp™
Integration Handbook
Document Version 1.2 | Released | May 31, 2012
ActivIdentity Web Soft Token Option for Citrix® XenApp™ | Integration Handbook
External Use | May 31, 2012 | © 2012 ActivIdentity
1.0 Introduction
This handbook describes how to add the ActivIdentity® Web Soft Token option to Citrix® XenApp™, a thin client
product that enables you to connect to corporate applications. Citrix XenApp hosts applications on central servers
and allows users to interact with the applications remotely. It also enables the streaming of applications to user
devices for local use.
1.1 Prerequisites
1. Configure Citrix XenApp for RADIUS authentication. Please refer to the handbook named: ActivIdentity
4TRESS Authentication Server: Configuring Citrix XenApp for Two-Factor Authentication, published by
ActivIdentity in May 2012.
2. Create a backup of the help_strings.properties file. The default location is:
C:\Program Files (x86)\Citrix\Web Interface\5.3.0\languages
2.0 Add the ActivIdentity Web Soft Token Option to Citrix XenApp
1. Edit the help_strings.properties file. Add the following code to the end of the file:
Help_AI_TokenType=\
<h1>Token Type</h1>\
<dl>\
<dt>Standard</dt>\
<dd>Select <strong>Standard</strong> to use a standard token that you have in your possession such as a mobile token on your phone or a hard token on your keychain.</dd>\
<dt>Web Soft Token</dt>\
<dd>Select <strong>Web Soft Token</strong> if you wish to use a registered web soft token on this site. After picking this option you need to populate your username to launch the web soft token.</dd>\
</dl>
2. Create a backup of the accessplatform_strings.properties file. The default location is:
C:\Program Files (x86)\Citrix\Web Interface\5.3.0\languages
3. Edit the accessplatform_strings.properties file. Add the following code to the end of the file.
#ActivIdentity strings
AITokenType=Token Type:
AIStandard=Standard
AIWebSoftToken=Web Soft Token
AINeedUsername=Please enter your user name before clicking the Web Soft Token button so we can generate your soft token.
AITokenLoadFailure=Unable to load the web soft token (or it took too long).
AITokenLocked=Your web soft token is currently locked. Please contact the help desk.
AITokenNotEnabled=Your web soft token is not enabled or unable to load properly.
4. Create a backup of the loginMainForm.inc file. The default location is:
c:\inetpub\wwwroot\Citrix\XenApp\app_data\include
5. Edit the loginMainForm.inc file. At approximately line 282, look for the following text (it is after the End NDS
Tree comment).
if (viewControl.getShowPasscode() && viewControl.getShowPassword() ) { //only display the passcode field here if the password field is displayed above
%>
6. Insert the following code after the line above and before the <tr><td> on the next line:
<%
//********************************************************
// ActivIdentity Web Soft Token Additions BEGIN
//********************************************************
%>
<script type="text/javascript">
<!--#include file="~/app_data/clientscripts/aiwebsofttoken.js" -->
</script>
<tr><td>
<label id='lblUseWebToken' for='TokenType'
<%=viewControl.getExplicitDisabledStr()%>>
<%=wiContext.getString("AITokenType")%>
</label>
</td>
<% if(Include.isCompactLayout(wiContext)){%>
</tr><tr>
<% }%>
<td>
<input style='width: auto' type='radio' name='TokenType' id='TokenTypeStd' value='STD' Checked='1'
onclick='AITokenStandardChecked();' class='loginEntries<%=viewControl.getExplicitDisabled()?" loginEntriesDisabled":""%>' <%=viewControl.getExplicitDisabledStr()%>>
<%=wiContext.getString("AIStandard")%>
</td>
<% if(!Include.isCompactLayout(wiContext)){%>
<td>
<%=UIUtils.generateHelpLinkMarkup(wiContext, "Help_AI_TokenType", "inlineHelpLink")%>
<div id='<%=UIUtils.getPopupId("Help_AI_TokenType")%>' class="wiPopup"
><%=wiContext.getString("Help_AI_TokenType")%></div>
</td>
<% }%>
</tr>
<tr><td>
</td>
<% if(Include.isCompactLayout(wiContext)){%>
</tr><tr>
<% }%>
<td>
<input style='width: auto' type='radio' name='TokenType' id='TokenTypeWST' value='WST'
onclick='AITokenWebChecked();'
class='loginEntries<%=viewControl.getExplicitDisabled()?" loginEntriesDisabled":""%>'
<%=viewControl.getExplicitDisabledStr()%>>
<%=wiContext.getString("AIWebSoftToken")%></td>
<% if(!Include.isCompactLayout(wiContext)){%>
<td>
</td>
<% }%>
</tr>
<!-- Token Section -->
<tr>
<td>
</td>
<% if(Include.isCompactLayout(wiContext)){%>
</tr><tr>
<% }%>
<td>
<div id="AITokenArea">
</div>
</td>
<% if(!Include.isCompactLayout(wiContext)){%>
<td></td>
<% }%>
</tr>
<%
//********************************************************
// ActivIdentity Web Soft Token Additions END
//********************************************************
%>
7. Copy the following files to the xenapp\media folder.
• Token.gif
• Token_back.gif
• Token_lcd.gif
• Webtoken.jar
Note: You can locate the files on the ActivIdentity 4TRESS AS companion CD inside the compressed SoftTokenActivationPortal.war file located in the SoftToken\Soft Token Portal\ directory. You might have to copy and rename the file to a .ZIP file for Windows to extract the files inside it. The files are in the applet folder.
8. Create a new text file named aiwebsofttoken.js in the following folder:
C:\inetpub\wwwroot\Citrix\XenApp\app_data\clientscripts
9. Add the following lines to the file and then save the file.
// aiwebsofttoken.js
// Copyright (c) 2012 ActivIdentity, Inc. All Rights Reserved.
// Web Soft Token Citrix XenApp JavaScript 1.0.0.0
function AITokenStandardChecked() {
AIhideToken();
}
function AITokenWebChecked() {
var userID = AIgetUsername();
if(userID==null || userID.length==0) {
AIshowError("<%=wiContext.getString("AINeedUsername")%>");
document.getElementById('TokenTypeStd').checked = true;
document.getElementById('TokenTypeWST').checked = false;
AIsetFocusUsername();
return;
}
AIloadToken();
}
var nAICounter=0;
var nAICounterLimit=parseInt(60);
function AIgetUsername() {
return document.getElementById('<%=Constants.ID_USER%>').value;
}
function AIsetFocusUsername() {
window.setTimeout(function () { document.getElementById('<%=Constants.ID_USER%>').focus(); }, 0);
}
function AIsetFocusPasscode() {
window.setTimeout(function () { document.getElementById('<%=Constants.ID_PASSCODE%>').focus(); }, 0);
}
function AIshowFeedback() {
document.getElementById('feedbackArea').setAttribute("class", "");
}
function AIsetFeedback(type, msg) {
var AIHTML = "<p class='" + type + "'>" + msg + "</p>";
document.getElementById('feedbackArea').innerHTML = AIHTML;
}
function AIshowError(msg){
AIshowFeedback();
AIsetFeedback("feedbackStyleError", msg);
}
function AIshowInfo(msg){
AIshowFeedback();
AIsetFeedback("feedbackStyleInfo", msg);
}
function AIgetStyle(){
var temp = document.getElementById("AITokenArea").style.visibility;
return temp;
}
function AIhideToken(){
document.getElementById("AITokenArea").style.visibility = "hidden";
}
function AIshowToken(){
document.getElementById("AITokenArea").style.visibility = "visible";
}
function AIloadToken(){
var current = AIgetStyle();
if( current == "hidden" ) {
AIshowToken();
current = AIgetStyle();
}
if(navigator.appName=="Microsoft Internet Explorer"){
AIloadWebSoftTokenIE();
}else{
AIloadWebSoftTokenNoIE();
}
if( current == "hidden" ){
AIshowToken();
}
AIcheckApplet();
}
function AIcheckApplet() {
nAICounter=0;
// Wait for 60 tries which have 500ms delays so 30 seconds
nAICounterLimit=parseInt(60);
AIcheckAppletLoad();
}
function AIcheckAppletLoad() {
// After some time stop waiting for applet load
nAICounter++;
if (nAICounter>nAICounterLimit) {
AIshowError("<%=wiContext.getString("AITokenLoadFailure")%>");
//hideToken();
return;
}
// Wait until the applet is loaded
var bName = navigator.appName;
var applet = document.getElementById("webtoken");
if (bName.indexOf("Microsoft") == -1) {
if (typeof applet === "undefined") {
// Retry via the function defined in this file (AIcheckAppletLoad)
setTimeout(AIcheckAppletLoad, 500);
return;
}
} else {
if ((applet==undefined)||(applet==null)) {
setTimeout(AIcheckAppletLoad, 500);
return;
}
}
// Try an applet method just in case
var tokenStatus=null;
try {
tokenStatus = applet.getTokenStatus();
} catch (err) {
setTimeout(AIcheckAppletLoad, 500);
return;
}
// Applet is now loaded and we have its status
try {
// Get token serial number and update the UI
var sn = applet.getSerialNumber();
// Check the token status
// 0 = READY TO BE ACTIVATED
// 1 = ACTIVATED
// 2 = LOCKED
if (tokenStatus!=1) {
if(tokenStatus == 2 ) {
AIshowError("<%=wiContext.getString("AITokenLocked")%>");
} else {
AIshowError("<%=wiContext.getString("AITokenNotEnabled")%>");
}
return;
} else {
AIsetFocusPasscode();
// Paste the token in if they are in pinless mode
}
} catch (err) {
setTimeout(AIcheckAppletLoad, 500);
return;
}
}
function AIloadWebSoftTokenNoIE(){
document.getElementById('AITokenArea').innerHTML = "<embed type=\"application/x-java-applet;version=1.2\" \\ "
+" CODE=\"com.actividentity.token.WebToken.WebToken.class\" \\ "
+" ARCHIVE=\"../media/webtoken.jar\" \\ "
+" id=\"webtoken\" \\ "
+" NAME=\"webtoken\" \\ "
+" WIDTH=\"154\" \\ "
+" HEIGHT=\"212\" \\ "
+" bgImage=\"../media/token.GIF\" \\ "
+" userid=\"" + AIgetUsername() + "\" \\ "
+" appid=\"ActivIdentity\" \\ "
+" sigparams=\"4\" \\ "
+" mode=\"8\" \\"
+" scriptable=\"true\" \\ "
+" mayscript=\"true\" \\ "
+" AREA12=\"1 195 25 20\" \\ "
+" AREA11=\"29 159 30 20\" \\ "
+" AREA10=\"96 159 30 20\" \\ "
+" AREA0=\"61 161 30 20\" \\ "
+" AREA9=\"98 133 30 20\" \\ "
+" AREA8=\"60 134 30 20\" \\ "
+" AREA7=\"22 133 30 20\" \\ "
+" AREA6=\"99 107 30 20\" \\ "
+" AREA5=\"62 107 30 20\" \\ "
+" AREA4=\"22 107 30 20\" \\ "
+" AREA3=\"100 80 30 20\" \\ "
+" AREA2=\"60 81 30 20\" \\ "
+" AREA1=\"20 80 30 20\" \\ "
+" pluginspage=\"http://java.sun.com/products/plugin/\" > "
+" </embed>";
}
function AIloadWebSoftTokenIE(){
document.getElementById('AITokenArea').innerHTML = "<object classid=\"clsid:8AD9C840-044E-11D1-B3E9-00805F499D93\" "
+" codebase=\"https://java.sun.com/products/plugin/1.4/jinstall-14-win32.cab#Version=1,4,0,mn\" "
+" height=\"212\" "
+" id=\"webtoken\" "
+" name=\"webtoken\" "
+" width=\"154\"> "
+" <param name=\"code\" value=\"com.actividentity.token.WebToken.WebToken.class\" /> "
+" <param name=\"ARCHIVE\" value=\"../media/webtoken.jar\" /> "
+" <param name=\"MAYSCRIPT\" value=\"true\" /> "
+" <param name=\"bgImage\" value=\"../media/token.GIF\" /> "
+" <param name=\"userid\" value=\"" + AIgetUsername() + "\" /> "
+" <param name=\"appid\" value=\"ActivIdentity\" /> "
+" <param name=\"sigparams\" value=\"4\" /> "
+" <param name=\"mode\" value=\"8\" /> "
+" <param name=\"AREA12\" value=\"1 195 25 20\" /> "
+" <param name=\"AREA11\" value=\"29 159 30 20\" /> "
+" <param name=\"AREA10\" value=\"96 159 30 20\" /> "
+" <param name=\"AREA0\" value=\"61 161 30 20\" /> "
+" <param name=\"AREA9\" value=\"98 133 30 20\" /> "
+" <param name=\"AREA8\" value=\"60 134 30 20\" /> "
+" <param name=\"AREA7\" value=\"22 133 30 20\" /> "
+" <param name=\"AREA6\" value=\"99 107 30 20\" /> "
+" <param name=\"AREA5\" value=\"62 107 30 20\" /> "
+" <param name=\"AREA4\" value=\"22 107 30 20\" /> "
+" <param name=\"AREA3\" value=\"100 80 30 20\" /> "
+" <param name=\"AREA2\" value=\"60 81 30 20\" /> "
+" <param name=\"AREA1\" value=\"20 80 30 20\" /> "
+ "</object>";
}
10. Navigate to the site and you should see everything showing up correctly.
11. If you do not see everything, then please review the steps presented in this document and ensure that the
copy/paste actions have been done correctly and that there are no extra returns.
12. Also check to be sure the quotation marks have not been changed automatically to smart quotes.
13. To use the new login, enter your User name, Password, and Domain (if not populated automatically).
14. Select the Web Soft Token option. The token is displayed.
15. Enter your PIN, and the OTP will be copied to the clipboard.
16. Paste the OTP into the PASSCODE field, and then click Log On.
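The loader functions in step 9 concatenate the value of the user name field directly into markup that is assigned to innerHTML. As an added example (not part of the ActivIdentity script; the names AIescapeAttr, AIbuildParams, AI_STATIC_PARAMS and the sample values are hypothetical), the following builds the <param> list for the <object> tag with every value escaped for a double-quoted attribute:

```javascript
// Added example: hypothetical helpers, not part of aiwebsofttoken.js.

// Escape a value for use inside a double-quoted HTML attribute.
// "&" is replaced first so the entities produced below are not re-escaped.
function AIescapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Fixed applet parameters from step 9 (the AREA hot-spot entries follow
// the same name/value pattern).
var AI_STATIC_PARAMS = [
  ["code", "com.actividentity.token.WebToken.WebToken.class"],
  ["ARCHIVE", "../media/webtoken.jar"],
  ["MAYSCRIPT", "true"],
  ["bgImage", "../media/token.GIF"],
  ["appid", "ActivIdentity"],
  ["sigparams", "4"],
  ["mode", "8"]
];

// Build the <param> markup. Every value, including the user-typed name,
// passes through AIescapeAttr before it is concatenated.
function AIbuildParams(userId) {
  var params = AI_STATIC_PARAMS.concat([["userid", userId]]);
  var html = "";
  for (var i = 0; i < params.length; i++) {
    html += "<param name=\"" + AIescapeAttr(params[i][0]) +
            "\" value=\"" + AIescapeAttr(params[i][1]) + "\" />";
  }
  return html;
}

// Constructed sample inputs: an ordinary name and one containing
// characters that are significant in markup.
var AI_SAMPLE_PLAIN = "jsmith";
var AI_SAMPLE_MARKUP = "a\" /><b id=\"x";
```

With the escaped value, a name containing quotes or angle brackets stays inside the value attribute of the userid parameter instead of changing the structure of the generated markup.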
ActivIdentity, the ActivIdentity (logo), and/or other ActivIdentity products or marks referenced
herein are either registered trademarks or trademarks of HID Global Corporation in the United
States and/or other countries. The absence of a mark, product, service name or logo from this
list does not constitute a waiver of the trademark or other intellectual property rights concerning
that name or logo. The names of other third-party companies, trademarks, trade names, service
marks, images and/or products that happen to be mentioned herein are trademarks of their
respective owners. Any rights not expressly granted herein are reserved.