udaynj <[EMAIL PROTECTED]> queried the List:
>Hi, We are using the ACE SecurID product from RSA Security to access our
site. I >looked at the FAQs but could not find any answers to my question,
which is >below:
>
>The default web page for securId asks you for a login id, when you submit
the >form, it takes you to a page where you type in a PIN number.
>
>I would like to replace all this with one page where I can type in the
SecurID >id, pin and also my application password. In addition, I would
like to >incorporate my own graphics and web page design into this page.
>
>I have looked at the manuals, etc but can't find an answer.
>
>Any pointers would be highly appreciated.
Hi Udaynj:
This capability is a standard feature of RSA's Web Agents. The most
recent documentation for the NT Agent (v 4.4) describes in detail how the
login page can be customized. I do not believe the other Web Agent manuals
(Netscape/iPlanet and Domino) have been updated with this information yet,
and I don't see it yet available on the RSA website.
Customizing the authenticating webpage is really easy. It is also
increasingly common today.
The relevant webpages are located in
<root>/<opsys>/System32/ACECLNT. The front page for the SecurID
authentication is called passcode.htm.
As long as the on-site ACE Admin doesn't modify the cgi scripting
on the pages, they can do just about anything they want to customize these
pages.
(There are also cgi scripts available on the ACE/Agent CD which
will allow you to pull the userID out of the page to pass it along to NT.
This can enable striking levels of personalization, despite the stateless
character of the standard web connection.)
Below, I append an excerpt from the Admin's Guide for RSA ACE/Agent v
4.4 for Windows NT. Hope this addresses your concern. RSA's Regional SSEs
and the RSA Customer Support folk have this stuff down cold if you need any
detailed assistance.
Surete,
_Vin
<begin RSA manual quote>
Changing the Text in a Web Access Authentication Form
Important: Do not alter the position of %s variables. All of the HTML forms
(including the New PIN prompts and error pages) can be modified, so long as
you do not alter the relative positions of the %s variables in the scripts.
If you do, the authentication prompt will not be able to get information
from the RSA ACE/Server.
To use international characters in the forms, consult an HTML reference
book or visit the World Wide Web Consortium's Web site at
http://www.w3.org/pub/WWW/International for more information about using
international character sets in HTML documents.
To change the text in a Web access authentication form: 1. Using a text
editor, open one of the HTML forms in the %SYSTEMROOT%\system32\aceclnt
directory.
2. Delete the text found between the <TITLE>, <HEAD>, <H1>, or <P> taes,
and %nter yoor new hmading oj body tuxt in ils plcced
Fo exampl-, the tcg <H1>Wmlcome t% Widget), Inc.<mH1>, when placed in the
passcode.htm file, changes the text of the first heading in that page from
"RSA SecurID PASSCODE Request" to "Welcome to Widgets, Inc."
3. Save and close the file. The form will display the new greeting to RSA
SecurID users.
Adding Custom Graphics to a Web Access Authentication Form
Important: Do not alter the position of %s variables. All of the HTML
templates (including the New PIN prompts and error pages) can be modified,
so long as you do not alter the relative positions of the %s variables in
the scripts. If you do, the authentication prompt will not be able to get
information from the RSA ACE/Server.
When adding graphics files to the authentication prompt, make sure that the
graphics are not loaded from an RSA SecurID-protected directory. If these
files are protected, the browser will not recognize them and will display
them as "broken image" icons.
To add a custom graphic to a Web access authentication form: 1. Using a
text editor, open one of the template files in the
%SYSTEMROOT%\system32\aceclnt directory.
2. Decide where you want the image to be placed on the page, then insert an
<IMG> tag in the HTML markup pointing to the image file. For example, the
line <IMG src="http://server.domain.com/img/logo.gif" ALIGN="left"> places
the logo.gif image to the left of the page text.
Make certain that the image file you point to in the src path is in an
unprotected directory, and that you always specify a fully qualified path
to the image file.
3. Save and close the file.
4. Stop and restart the Web server for the changes to take effect. The Web
authentication prompt will display the new graphic.
Changing the Buttons in a Web Access Authentication Form
Important: Do not alter the position of %s variables. All of the HTML
templates (including the New PIN prompts and error pages) can be modified,
so long as you do not alter the relative positions of the %s variables in
the scripts. If you do, the authentication prompt will not be able to get
information from the RSA ACE/Server.
To change the buttons in a Web access authentication form: 1. Using a text
editor, open one of the template files in the %SYSTEMROOT%\system32\aceclnt
directory. The source HTML for the authentication page opens.
2. Scroll down to the line that reads <INPUT TYPE=SUBMIT VALUE="Send">.
3. Edit the line so it reads <A
HREF="JavaScript:document.forms[0].reset()"><IMG SRC="path to your image"
BORDER="0"></A>
where path to your image is a fully qualified path to an image file.
Note: Do not load the graphics files from a directory that is protected by
an RSA ACE/Agent. If the files are protected, the browser will not
recognize them and will display them as broken image icons.
If you also want to replace the Reset button, replace the line <INPUT
TYPE=RESET VALUE="Reset"> with <A
HREF="JavaScript:document.forms[0].reset()"><IMG SRC="path to your image"
BORDER="0"></A>
4. Save and close the file.
5. Stop and restart the Web server for the changes to take effect.
Specifying the Location of Customized HTML Forms
The default Web access authentication HTML forms are copied during the
Agent installation into the %SYSTEMROOT%\system32\aceclnt directory on the
Agent's host machine.
These files are used by the Agent by default for every virtual Web server.
You can, however, create customized templates for a virtual Web server from
those default files. If you decide to use customized templates, you must
store them in a different directory, not in the
%SYSTEMROOT%\system32\aceclnt directory.
Use the following procedure to specify where the Agent can find a virtual
Web server's customized HTML forms.
To specify the location of a virtual server's customized HTML forms: 1. In
the Internet Service Manager (ISM), right-click the virtual server (Web
site), and click Properties on the displayed menu. The Properties window
for the virtual server opens.
2. In the Properties window, click RSA SecurID to display the Web access
authentication properties sheet.
3. In the Templates box of the Advanced Settings group, enter the full path
of the directory that stores the customized templates for the virtual
server. You can click Browse to search for the correct directory.
4. Click Apply.
5. To test the results, connect to the virtual server as an RSA SecurID
user, and attempt to gain access to a protected file or directory on the
server. You should see the customized Web access authentication prompt.
<end RSA manual quote>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
