Ben Ari's UAG and IAG Blog

Plenty of useful and fun info on UAG, Microsoft's remote access and reverse-proxy product.

How to add “change password” direct link to UAG

How to add “change password” direct link to UAG

  • Comments 1
  • Likes

One of UAG’s features is the ability to change a user’s password. To do so, the user needs to click on the Credentials Management page on the portal, and then click on Change Password:

clip_image002

clip_image004

Some customers asked us how to add a link to this page directly on the portal, instead of the portal bar. This has the advantage of the ability to add text to the icon, making it more visible to users. To do so, you can simply create a dummy app with a static link to the page. To do so, follow these steps:

1. On the trunk’s main page, click Add

2. From the application list’s Web group, select Other Web App(Portal Hostname)

3. Type the application name, as you would want it to appear on the portal. For example “Credentials Management

4. Type some application type. It can be anything, as it won’t be used in any configuration.

5. In step 3, select configure an application server and click next

6. In step 4, type a name of some internal server. It will not be used in any way, and can be anything, but it’s advisable to use a real name of one of your internal server. If you don’t, the activation will take longer as UAG tries to resolve a non-existing name.

7. In step 5, leave SSO disabled

8. In step 6, change the application URL to

/internalsite/credentialssettings.asp?site_name=<TRUNK>&seucure=1

***Note that <TRUNK> means your trunk name. For example, Portal1

9. Finish the wizard and activate the configuration.

To provide a smoother user experience, some customers have asked for a way to skip the Credentials Settings page altogether, so that the user gets straight to the password change page. Unfortunately, the change password page needs to be launched from within the credentials management page, as it needs to run some code first. However, it’s possible inject a tricky JavaScript into the page, which will jump directly to the password page, as if the user clicked it himself. To inject the script, we need to use SRA.

The function we want to inject simply emulates a user clicking on the link by using the document.location command. The page has two links, so the JavaScript function enumerates them, and then “goes” into the 2nd link (the link count starts at 0, so linke [1] is the 2nd link on the page). This is how the script would look like:

<script>
function ClickLink()
         {
         var alllinks = document.links;
         document.location = alllinks[1].href;
         }
</script>

To actually call that function, we need to inject onload="javascript:ClickLink();" into the body tag of the page. This would tell the browser to run the function as soon as the page loads. This page already has a body tag, so we simply need to replace it with one that has the onload tag, and we can also put in the entire function right afterwards.

So, the action is to replace

<BODY height="100%">

With:

<BODY height="100%" onload="javascript:ClickLink();">
<script>
function ClickLink()
{
var alllinks = document.links;
document.location = alllinks[1].href;
}
</script>

This is a rather simple custom SRA file. The SRA needs to take action on the URL .*CredentialsSettings.asp.*, with application type “InternalSite”. This is the format:

<WHLFILTSECUREREMOTE ver="2.2">
<DATA_CHANGE>
<APPLICATION>
<APPLICATION_TYPE>InternalSite</APPLICATION_TYPE>
<URL>
<NAME>.*CredentialsSettings.asp.*</NAME>
<SEARCH encoding="base64">PEJPRFkgaGVpZ2h0PSIxMDAlIj4=</SEARCH>
<REPLACE encoding="base64">PEJPRFkgaGVpZ2h0PSIxMDAlIiBvbmxvYWQ9ImphdmFzY3JpcHQ6Q2xpY2tMaW5rKCk7Ij4NCjxzY3JpcHQ+
DQpmdW5jdGlvbiBDbGlja0xpbmsoKQ0Kew0KdmFyIGFsbGxpbmtzID0gZG9jdW1lbnQubGlua3M7DQpkb2N1bWVudC5sb2NhdGlvbiA9IGFs
bGxpbmtzWzFdLmhyZWY7DQp9DQo8L3NjcmlwdD4NCg==</REPLACE>
</URL>
</APPLICATION>
</DATA_CHANGE>
</WHLFILTSECUREREMOTE>

If you are copying the above from the blog, make sure that there are no excessive line breaks (especially in the long Base64 string!) and that there are no excess spaces before or after the triangular brackets < and >.

To make this work, place the file in the trunk’s custom update folder:

<UAG Folder>\von\conf\websites\<your trunk>\conf\CustomUpdate

Once the file is there, activate the configuration. Now, when a user opens the credentials management page, whether from the portal toolbar or from a published link, it would instantly jump to the Change Password page. The downside to this, though, is that this automatic skipping means that the other link on that page (Add Credentials) becomes unusable. This should not bother many, but still worth nothing.

Comments
  • you have a typo in the config.

    /internalsite/credentialssettings.asp?site_name=<TRUNK>&seucure=1

    should be

    /internalsite/credentialssettings.asp?site_name=<TRUNK>&secure=1

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment