Tuesday 9 February 2016

How to hide second password or passcode or OTP field in Citrix Receiver

Issue:- 
Many time we face issue in Citrix Netscaler gateway that we have two factor authentication enabled with Primary as LDAP or something and Secondary as Radius with One time password.
The main catch here is that OTP will only be provided to the user once they are authenticated to LDAP.

Problem:-
The problem we face here is that Netscaler on the first screen itself ask for Username/ Password and Passcode ( OTP) but since the user is not yet authenticated hence they can't provide the OTP.


The desired answer is we need to hide the second password field not shown to the user. There are many ways to do this on the Browser but there is no way to do this on the Citrix Receiver.

Solution:-

1. Your Receiver version should be 4.4 or above for this.

      2. Then go to Netscaler using WinSCP or any other SFTP tool or vi editor and  Edit the /netscaler  /ns_gui/vpn/index.html file

      3. Add this line to the file
       <META http-equiv="X-Citrix-AM-GatewayAuthType" content="SMS"> below <META http-equiv="Content-Type" content="text/html; charset=UTF-8">

      As you can see below


<!DOCTYPE html PUBLIC "-//W3C//DTD XDEV_HTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Netscaler Gateway</title>
<link rel="SHORTCUT ICON" href="/vpn/images/AccessGateway.ico" type="image/vnd.microsoft.icon">
<META http-equiv="X-Citrix-AM-GatewayAuthType" content="SMS"> below <META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<META content=noindex,nofollow,noarchive name=robots>
<link href="/vpn/js/rdx/core/css/rdx.css" rel="stylesheet" type="text/css"/>



And it started working fine and you will notice the passcode field is hidden as shown below

After entering password in the second screen it shows the OTP asked by the radius.