customizing nfuse web sites for citrix secure gateway
TRANSCRIPT
CCuussttoommiizziinngg NNFFuussee WWeebb SSiitteess ffoorr CCiittrriixx SSeeccuurree GGaatteewwaayy
Citrix Systems, Inc.
Notice
The information in this publication is subject to change without notice.
THIS PUBLICATION IS PROVIDED “AS IS” WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. CITRIX SYSTEMS, INC. (“CITRIX”), SHALL NOT BE LIABLE FOR TECHNICAL OR EDITORIAL ERRORS OR OMISSIONS CONTAINED HEREIN, NOR FOR DIRECT, INCIDENTAL, CONSEQUENTIAL OR ANY OTHER DAMAGES RESULTING FROM THE FURNISHING, PERFORMANCE, OR USE OF THIS PUBLICATION, EVEN IF CITRIX HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE.
This publication contains information protected by copyright. Except for internal distribution, no part of this publication may be photocopied or reproduced in any form without prior written consent from Citrix.
The exclusive warranty for Citrix products, if any, is stated in the product documentation accompanying such products. Citrix does not warrant products other than its own.
Product names mentioned herein may be trademarks and/or registered trademarks of their respective companies.
Copyright © 2001 Citrix Systems, Inc. All rights reserved.
Version History
December 15, 2001 Citrix Systems, Inc. Version 1.0
Customizing NFuse Web Sites for Citrix Secure Gateway ii
Table of Contents OVERVIEW................................................................................................................................................................1 COMPATIBILITY GUIDELINES ..........................................................................................................................2 WHO SHOULD READ THIS PAPER ..................................................................................................................2 HOW NFUSE WORKS..............................................................................................................................................3 WHAT CHANGES DOES CITRIX SECURE GATEWAY INTRODUCE?.....................................................................5 NFUSE CUSTOMIZATION OVERVIEW..............................................................................................................7 COPY NFUSE EXTENSIONS FILES REQUIRED FOR CITRIX SECURE GATEWAY SUPPORT..................................7 MODIFYING LAUNCH.ASP TO SUPPORT TICKETING..........................................................................................8 MODIFY TEMPLATE.ICA TO SUPPORT SECURE GATEWAY..............................................................................11 MODIFY .ASP FILE TO SUPPORT DETECTION OF THE ICA CLIENT VERSION ....................................................12 SAMPLE WEB SITE SCRIPTS INSTALLED BY NFUSE EXTENSIONS ......................................................15 NFUSE EXTENSIONS ...................................................................................................................................17
csg_conf.inc .........................................................................................................................................................17 ctxsta.dtd..............................................................................................................................................................18 rq_ticket.xml ........................................................................................................................................................20 sta_error.inc ........................................................................................................................................................21 sta_error16.inc ....................................................................................................................................................22 sta_xml.inc...........................................................................................................................................................23
NFUSE 1.51 ...............................................................................................................................................28 launch.asp............................................................................................................................................................28 template.ica .........................................................................................................................................................30
NFUSE 1.6 .................................................................................................................................................32 launch.asp............................................................................................................................................................32 template.ica .........................................................................................................................................................37
ICA CLIENT VERSION DETECTION FUNCTION...............................................................................................39
Customizing NFuse Web Sites for Citrix Secure Gateway iii
Overview Citrix Secure Gateway (Secure Gateway), in conjunction with Citrix NFuse (NFuse) application portal software, provides heightened security by securing ICA traffic between ICA Clients and either MetaFrame XP Application Server for Windows Version 1.0 or later, or Citrix MetaFrame for UNIX Operating Systems Version 1.1 (jointly referred to as MetaFrame) servers using SSL encryption.
NFuse forms an integral part of Secure Gateway. It provides a Web portal view of published applications, available on MetaFrame servers, to ICA Client users. NFuse dynamically customizes content according to a user’s profile. When users log in to the portal, NFuse accesses the MetaFrame farm and displays a list of applications specific to the user’s group or profile.
To integrate Secure Gateway into an existing MetaFrame environment that uses NFuse to publish applications to the Web, you need to customize the NFuse Web site. Most of the customization required is to support “ticketing,” a core feature of Secure Gateway. Secure Gateway uses “tickets” as the means of authentication and authorization to allow access to MetaFrame resources.
This document outlines the changes required to an existing NFuse Web site to provide support for a Secure Gateway implementation. It includes the following sections:
Compatibility Guidelines, on page 2
How NFuse Works, on page 3
Changes Introduced by Citrix Secure Gateway, on page 5
Details of Customization Required for Citrix Secure Gateway, on page 7
Scripts for sample Web site installed by NFuse Extensions, on page 15
Customizing NFuse Web Sites for Citrix Secure Gateway 1
Compatibility Guidelines Secure Gateway is compatible with:
SSL-enabled ICA Clients, Version 6.20 or later
NFuse 1.51 or 1.6 running on Internet Information Server (IIS) 5.0 on a Windows 2000 Server
MetaFrame XP Application Server for Windows Version 1.0 or later −or−
Citrix MetaFrame for UNIX Operating Systems Version 1.1
You also need to install NFuse Extensions on your NFuse Web server, and set up the Secure Gateway environment as described in the Citrix Secure Gateway documentation.
Who Should Read This Paper This document is for server administrators responsible for the planning and deployment of MetaFrame and NFuse in the enterprise. This white paper assumes knowledge of:
Web server administration
Citrix MetaFrame XP Application Server for Windows Servers Version 1.0 or later
Citrix NFuse 1.51 or later
Citrix ICA Clients, Version 6.20 or later
Use this white paper in conjunction with the following:
Citrix Secure Gateway Administrator’s Guide
MetaFrame XP Administrator's Guide
NFuse Administrator’s Guide
Citrix ICA Client Administrator’s Guide, Version 6.20 or later
Customizing NFuse Web Sites for Citrix Secure Gateway 2
How NFuse Works This diagram describes the interaction between the Citrix server farm, an NFuse Web server, and an ICA Client device.
Web Server
ICA Client Device
Web Browser
ICA Client
Citrix Server Farm
1
3
2
4
6
5
NFuse
7
1. The user of an ICA Client device uses a Web browser to view the login page on an NFuse Web portal. The user enters valid user credentials to log in. The credentials are sent as a standard HTTP request over the default HTTP port 80.
2. The Web server reads the user’s information and uses the NFuse Java objects to forward that information to the Citrix XML Service on a designated Citrix server in the server farm. This designated server acts as a broker between the Web server and the Citrix server farm.
3. The Citrix XML Service on the designated server retrieves a list of published applications that the user can access. These applications comprise the user’s application set. The Citrix XML Service forwards the user’s application set information to the NFuse Java objects running on the Web server.
Customizing NFuse Web Sites for Citrix Secure Gateway 3
4. The Web server uses the NFuse Java objects to generate an HTML page containing links to the applications in the user’s application set. Each hyperlink in the HTML page points to the template.ica file stored on the NFuse Web server. This file serves as a template that NFuse uses to dynamically generate customized ICA files. ICA files are text files containing parameters that configure ICA session properties such as the application to run in the session, the address of the server that executes the application, and the properties of the window in which to display the application. ICA files are written in .ini file format and have an .ica extension.
5. The user initiates the next step by clicking one of the published application hyperlinks in the HTML page. The Web browser sends a request to the Web server to retrieve an ICA file for the selected application.
The Web server passes this request to the NFuse Java objects, which retrieve the template ICA file. The template file contains substitution tags. The NFuse Java objects replace the substitution tags in the template ICA file with information specific to the user and desired application.
The NFuse Java objects then send the customized ICA file to the Web browser.
6. The Web browser receives the ICA file and passes it to the client device’s ICA Client.
7. The ICA Client uses the information in the ICA file to launch an ICA connection to a Citrix server.
Customizing NFuse Web Sites for Citrix Secure Gateway 4
What Changes does Citrix Secure Gateway Introduce? The communications described in the “How NFuse Works” section are the normal sequence of events that occur when an NFuse Web server is deployed to provide access to published applications, in a Citrix server farm, to ICA Client users.
When you introduce Secure Gateway into this environment, several changes occur in the connection process. The illustration below shows the communications that take place between ICA Clients, NFuse, MetaFrame servers, and Secure Gateway components before an ICA connection is established between the ICA Client and a MetaFrame server.
Web Server
ICA Client Device
Web Browser
ICA Client
Citrix Server Farm
1
3
2
4
7
8a
NFuse
Secure TicketAuthority
Citrix SecureGateway
8c
6a
5 6b
8b
In the above illustration, the communications between the ICA Client, NFuse, and the MetaFrame server, shown in steps 1 to 5, are the normal sequence of events that occur when an NFuse Web server is deployed to provide access to published applications to ICA Client users.
Customizing NFuse Web Sites for Citrix Secure Gateway 5
A new step in the communications process is seen taking place at this point with the introduction of the Secure Ticket Authority (STA).
6a. NFuse contacts the STA to obtain a ticket for the ICA connection that the ICA client is requesting.
6b. NFuse substitutes the value of the Address field in the template.ica file with the ticket issued by the STA, and dynamically generates an ICA file. NFuse sends the ICA file to the Web browser on the client device as normal.
7. The Web browser sends the ICA file received from NFuse to the ICA Client.
Again, at this point a new set of steps in the communications process is seen taking place with the introduction of the Secure Gateway Service.
8a. The ICA Client uses the information in the ICA file to launch an SSL connection to the Secure Gateway Service.
8b. The Secure Gateway Service extracts the ticket information from the ICA file, and requests the STA to validate the ticket.
8c. When the STA has validated the ticket, the Secure Gateway Service establishes a connection to the requested resource on a MetaFrame server.
Once the connection is established, the Secure Gateway Service encrypts and decrypts ICA traffic flowing between the client and server.
Customizing NFuse Web Sites for Citrix Secure Gateway 6
NFuse Customization Overview This section addresses in detail the changes that need to be made to a NFuse Web site to support Secure Gateway. The changes required to NFuse are as follows:
Copy NFuse Extensions files required for Secure Gateway support •
•
•
•
•
•
•
•
•
Modify launch.asp to support ticketing
Modify template.ica to support Secure Gateway parameters
Modify icaclient.asp or install.asp to support detection of the ICA Client version
Copy NFuse Extensions Files Required For Citrix Secure Gateway Support When you install NFuse Extensions on your NFuse Web server, the script files that enable support for ticketing are copied to %systemdrive%\inetpub\wwwroot\csg\ (where \csg is the directory to which you installed NFuse Extensions). These files are listed below:
csg_conf.inc
This text file defines configuration values specific to Secure Gateway.
ctxsta.dtd
This text file is the DTD schema for the XML request packet used to request a Secure Gateway ticket.
rq_ticket.xml
This text file defines the XML request packet used to request a Secure Gateway ticket.
sta_error.inc, sta_error16.inc
These text files define the error reporting function staError. This function should be customized to suit the NFuse Web site. sta_error.inc is used by NFuse 1.51 and sta_error16.inc is used by NFuse 1.6.
sta_xml.inc
This text file defines the STA ticket request function, staGetTicketFromAddress.
Copy the files listed above to the directory in which the NFuse site you are modifying resides. For example, \inetpub\wwwroot\MyNfuseWebsite\ (where MyNfuseWebSite is the directory on which the files for your NFuse Web site reside).
Customizing NFuse Web Sites for Citrix Secure Gateway 7
Modifying launch.asp to Support Ticketing NFuse uses the script file, launch.asp, to launch an ICA session. You must modify this file to support Secure Gateway ticketing.
In the code fragment shown below (extracted from a unmodified script listing), the output of the parser is sent as is to the Web browser on the client device.
...
Response.ContentType = "application/x-ica"
Continue = True
Response.Expires = -1
While (Continue)
HtmlString = parser.getNextDataBlock()
If HtmlString = "" Then
Continue = False
Else
Response.Write(HtmlString)
End If
Wend
...
Customizing NFuse Web Sites for Citrix Secure Gateway 8
To support Secure Gateway ticketing, the output of the parser must be parsed to locate the Address field and the value associated with it. This value is extracted and sent to the STA for processing through the staGetTicketFromAddress function. The following script illustrates how this is done:
...
%>
<!-- #include File = "csg_conf.inc" -->
<!-- #include File = "sta_error.inc" -->
<!-- #include File = "sta_xml.inc" -->
<%
strServerAddress = ""
strConnTicket = ""
Response.ContentType = "application/x-ica"
Continue = True
Response.Expires = -1
While (Continue)
HtmlString = Parser.getNextDataBlock()
If HtmlString = "" Then
Continue = False
Else
' Check if this is the address string
strToFind = Chr(10) & "Address="
stPos = InStr(HtmlString,strToFind)
If stPos <> 0 Then
endPos = InStr(stPos+1,HtmlString,Chr(10))
cutPos = stPos + Len(strToFind)
strServerAddress = Mid(HtmlString, cutPos, _
endPos-cutPos-1)
If Len(strServerAddress) <> 0 Then
strConnTicket = _
staGetTicketFromAddress(strServerAddress)
if Len(strConnTicket) = 0 then
' invalid (empty) ticket, revert content type
' to "text/html" for error messages
Response.ContentType = "text/html"
Customizing NFuse Web Sites for Citrix Secure Gateway 9
Continue = False
else
str1 = Mid(HtmlString,1,cutPos-1)
str2 = Mid(HtmlString,endPos-1)
' replace Address with CSG ticket
HtmlString = str1 & strConnTicket & str2
end if
End If
End If
if (Continue) then
Response.Write(HtmlString)
end if
End If
Wend
...
Customizing NFuse Web Sites for Citrix Secure Gateway 10
Modify template.ica to Support Secure Gateway Secure Gateway requires the following parameters to be present in the template.ica file on the NFuse Web server:
HttpBrowserAddress=!
This parameter forces the ICA Client from performing HTTP browsing. Instead, it forces the ICA Client to connect directly to the server running the Secure Gateway Service.
BrowserProtocol=HTTPonTCP
This parameter forces the ICA Client to perform ICA browsing using the TCP/IP+HTTP network protocol.
TransportReconnectEnabled=Off
This parameter disables Client Auto Reconnect (ACR) on the ICA Client. Secure Gateway does not support ACR.
SSLProxyHost=CSGServer:Port
This parameter specifies the server address and port number of the server running the Secure Gateway Service. Note that this value can be defined as an NFuse substitution tag, which is parsed and processed by NFuse.
SSLEnable=On
This parameter forces the ICA Client to use SSL encryption for all ICA connections.
Create or modify the default template.ica file for your NFuse Web site to include the parameters and corresponding values listed above.
Customizing NFuse Web Sites for Citrix Secure Gateway 11
Modify .asp file to Support Detection of the ICA Client version Standard NFuse Web sites provide a function that enables NFuse to check that the ICA Win32 Client software is present on the client device. Secure Gateway, however, requires Citrix ICA Win32 Client, Version 6.20 or later.
To support Secure Gateway you need NFuse to check the version of the ICA Client as well. To enable version checking, the client detection script in your NFuse Web site needs to be. If the version number is not 6.20 or later, then the user is prompted to download the latest version of the client software.
Note: Ensure that the ICA Client download directory for your NFuse Web site contains download packages for ICA Clients, Version 6.20, or later. The default path for the ICA Client download directory is \citrix\icaweb in your Web server’s Web publishing root directory (usually %systemdrive%\inetpub\wwwroot). Refer to the NFuse Administrator’s Guide for information about deploying ICA Clients.
The code fragment shown below is an extract from the default script, icaclient.asp, on an NFuse 1.51 Web site:
...
function hasIcaObjVal()
dim obj
Err.Clear
On Error Resume Next
hasIcaObjVal = 0
set obj = CreateObject("Citrix.ICAClient")
if (Err.number = 0) then
hasIcaObjVal = 1
else
Err.Clear
set obj = CreateObject("Wfica.WficaCtl.6")
if (Err.number = 0) then
hasIcaObjVal = 1
else
Err.Clear
hasIcaObjVal = 0
end if
end if
Customizing NFuse Web Sites for Citrix Secure Gateway 12
set obj = Nothing
end function
select case hasIcaObjVal()
case 1
...
The following script must replace the script listing shown above. This script checks that the ICA Client software is Version 6.20 or later:
...
' Get ICA Client Object version
' returns: 0 ICA Client not installed
' 10 Pre 1.8 FR1, Wfica.WficaCtl.1
' 16 1.8 FR1, Wfica.WficaCtl.6
' 20 XP 1.0, ICO 2.0
' 21 XP 1.0 FR1, ICO 2.1,
' ICA Client version 6.20 or later
function hasIcaObjVal()
dim obj
dim badSetup
badSetup = false
Err.Clear
On Error Resume Next
hasIcaObjVal = 0
'ICO 2.x
set obj = CreateObject("Citrix.ICAClient")
if (Err.number = 0) then
clientId = obj.GetInterfaceVersion()
if (Err.number = 0) then
strPos = StrComp(clientId, "2.0", 1)
if (strPos = 0) then
'XP 1.0, ICO 2.0
hasIcaObjVal = 20
else
'XP 1.0 FR1, ICO 2.1 or later
Customizing NFuse Web Sites for Citrix Secure Gateway 13
hasIcaObjVal = 21
end if
else
'"Citrix.ICAClient" not installed/uninstalled
'correctly
badSetup = true
end if
end if
if (badSetup = true) then
Err.Clear
set obj = Nothing
'1.8 FR1, Wfica.WficaCtl.6
set obj = CreateObject("Wfica.WficaCtl.6")
if (Err.number = 0) then
hasIcaObjVal = 16
else
Err.Clear
set obj = Nothing
'Pre 1.8 FR1, Wfica.WficaCtl.1
set obj = CreateObject("Wfica.WficaCtl.1")
if (Err.number = 0) then
hasIcaObjVal = 10
end if
end if
end if
set obj = Nothing
end function
select case hasIcaObjVal()
case 21
...
Customizing NFuse Web Sites for Citrix Secure Gateway 14
Sample Web site Scripts installed by NFuse Extensions When you install NFuse Extensions, additional system files and a sample Web site are copied to the default installation directory %systemdrive%:\inetpub\wwwroot\csg\. The sample Web site is constructed from a set of Web scripts and ICA specific files.
This section contains a listing of the modified Web scripts and ICA specific files that are used to construct the sample Web site. Use these sample script listings as a reference to help you modify your existing NFuse Web sites. The script listings in this section are organized as follows:
NFuse Extensions
The following scripts are installed for ticketing support.
csg_conf.inc ctxsta.dtd rq_ticket.xml sta_error.inc sta_error16.inc sta_xml.inc
For NFuse 1.51 Web Sites
These files are modified on an NFuse 1.51 Web site to support Secure Gateway.
launch.asp
template.ica
For NFuse 1.6 Web Sites
These files are modified on an NFuse 1.6 Web site to support Secure Gateway.
launch.asp
template.ica
Customizing NFuse Web Sites for Citrix Secure Gateway 15
ICA Client Version Detection Function
This section contains a listing of the modified hasIcaObjVal() function that performs the ICA Client version check to determine if the client software is Version 6.20 or later.
For NFuse 1.6 Web sites, the file install.asp is modified by replacing the function, hasIcaObjVal(), with the script fragment listed in this section to enable version checking of ICA Client software.
For NFuse 1.51 Web sites, the file icaclient.asp is modified by replacing the function, hasIcaObjVal(), with the script fragment listed in this section to enable version checking of ICA Client software.
Note: The ICA Client detection performed by the hasIcaObjVal() function on NFuse Web sites is specific to 32-bit Windows clients. The modification demonstrated in this section will therefore only address 32-bit Windows clients.
Customizing NFuse Web Sites for Citrix Secure Gateway 16
NFuse Extensions csg_conf.inc
<%
' Citrix Secure Gateway Version 1.0
' csg_conf.inc
' Citrix Secure Gateway NFuse Web site configuration file
' Modify the parameters in this file to reflect the settings of your Citrix Secure Gateway
' Specify the FQDN or IP address of your MetaFrame master browser machine. Ensure that
' the value you give is surrounded with quotes as shown in the following example:
strCitrixServer = ""
' Specify XML service port number for the above Citrix MetaFrame server.
numCitrixServerPort = 80
' DO NOT MODIFY the following line
Dim rg_strSTAURL(7)
' Specify the STAs in your system.
'
' IMPORTANT NOTE:
' ===============
' numSTACount defines the number of active STAs in your system.
' The maximum value is 7. The value of numSTACount is 1 (ONE)
' less than the actual number of active STA, for example, if you
' have 2 (TWO) active STAs, numSTAcount should be set to 1 (ONE).
Const numSTAcount = 0
' Specify the Citrix Secure Gateway Ticket Authority URLs below. Ensure that the values
' you give are surrounded with quotes as shown in the following example:
rg_strSTAURL(0) = "http://your_ticket_authority_01.yourdomain.com/scripts/CtxSta.dll"
rg_strSTAURL(1) = "http://your_ticket_authority_02.yourdomain.com/scripts/CtxSta.dll"
rg_strSTAURL(2) = "http://your_ticket_authority_03.yourdomain.com/scripts/CtxSta.dll"
rg_strSTAURL(3) = "http://your_ticket_authority_04.yourdomain.com/scripts/CtxSta.dll"
rg_strSTAURL(4) = "http://your_ticket_authority_05.yourdomain.com/scripts/CtxSta.dll"
rg_strSTAURL(5) = "http://your_ticket_authority_06.yourdomain.com/scripts/CtxSta.dll"
rg_strSTAURL(6) = "http://your_ticket_authority_07.yourdomain.com/scripts/CtxSta.dll"
rg_strSTAURL(7) = "http://your_ticket_authority_08.yourdomain.com/scripts/CtxSta.dll"
' The hostnames entered above should be the same as the FQDN recorded previously, with the
' ticket authority dll path and name appended, e.g. /scripts/CtxSta.dll
' Port number can be specified if required, for example:
' http://your_ticket_authority_01.yourdomain.com:80
%>
Customizing NFuse Web Sites for Citrix Secure Gateway 17
ctxsta.dtd <?xml version='1.0' encoding='UTF-8' ?>
<!-- Copyright 1999-2001 Citrix Systems Inc -->
<!-- DTD for the CtxSTA protocol -->
<!-- Version 1.0 21 Jun 2001 -->
<!-- -->
<!-- <!DOCTYPE CtxSTAProtocol [ -->
<!ELEMENT CtxSTAProtocol (
RequestTicket |
ResponseTicket |
RequestData |
ResponseData |
RequestSave |
ResponseSave |
ResponseError
)>
<!ATTLIST CtxSTAProtocol version CDATA #REQUIRED > <!-- 1.0 -->
<!-- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -->
<!-- Protocol message declarations -->
<!-- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -->
<!ELEMENT RequestTicket ( AllowedTicketType+, AllowedAuthorityIDType+, Data )>
<!ELEMENT ResponseTicket ( ( AuthorityID, Ticket, TicketVersion ) | ErrorId )>
<!ELEMENT RequestData ( Ticket, TicketVersion )>
<!ELEMENT ResponseData ( Data | ErrorId )>
<!ELEMENT RequestSave ( ( Ticket, TicketVersion, Data ) )>
<!ELEMENT ResponseSave ( Accepted | ErrorId )>
<!ELEMENT ResponseError ( ErrorId )>
<!-- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -->
<!-- Data type declarations -->
<!-- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -->
<!ELEMENT ErrorId (#PCDATA)> <!-- unspecified | bad-request |
out-of-memory | invalid-ticket |
save-not-supported |
ticket-type-not-supported |
max-tickets-exceeded | unsupported-request
-->
Customizing NFuse Web Sites for Citrix Secure Gateway 18
<!ELEMENT Accepted (#PCDATA)> <!-- ok -->
<!ELEMENT AllowedAuthorityIDType (#PCDATA)> <!-- STA-v1 -->
<!ELEMENT AllowedTicketType (#PCDATA)> <!-- STA-v1 -->
<!ELEMENT AuthorityID (#PCDATA)> <!-- A-Z or 0-9
max length of 16
-->
<!ATTLIST AuthorityID authorityType ( STA-v1 ) "STA-v1" >
<!ELEMENT Data (#PCDATA)> <!-- max length of 16k -->
<!ELEMENT Ticket (#PCDATA)> <!-- A-Z or 0-9
max length of 32
-->
<!ATTLIST Ticket ticketType ( STA-v1 ) "STA-v1" >
<!ELEMENT TicketVersion (#PCDATA)> <!-- A-Z or 0-9
max length of 2 -->
<!-- ]> -->
Customizing NFuse Web Sites for Citrix Secure Gateway 19
rq_ticket.xml <?xml version="1.0"?>
<!DOCTYPE CtxSTAProtocol SYSTEM "CtxSTA.dtd">
<!-- Ticket Request Packet -->
<CtxSTAProtocol version="1">
<RequestTicket>
<AllowedTicketType>STA-v1</AllowedTicketType>
<AllowedAuthorityIDType>STA-v1</AllowedAuthorityIDType>
<Data>MyTicket</Data>
</RequestTicket>
</CtxSTAProtocol>
Customizing NFuse Web Sites for Citrix Secure Gateway 20
sta_error.inc <%
' Citrix Secure Gateway Version 1.0
' NFuse 1.5x specific
' ===================
' Call this function to report STA error
Function staError(strError)
Response.Write strError & vbCrLf
End Function
%>
Customizing NFuse Web Sites for Citrix Secure Gateway 21
sta_error16.inc <%
' Citrix Secure Gateway Version 1.0
'
' NFuse 1.6x specific
' ===================
' Call this function to report STA error
Function staError(strError)
Response.ContentType = "text/html; charset=" & propKey.getStaticString("HTMLCharSet")
Session("NFuse_errorString") = strError
Response.write "<script language='JavaScript'>" & vbCrLf
Response.write "<!--" & vbCrLf
Response.write "parent.frames[0].location.href = _
'applist.asp?NFuse_currentFolder=" & _
currentFolder & "&NFuse_lastErrorId=On" & "'" & ";" & vbCrLf
Response.write "//-->" & vbCrLf
Response.write "</script>" & vbCrLf
End Function
%>
Customizing NFuse Web Sites for Citrix Secure Gateway 22
sta_xml.inc <%
' Citrix Secure Gateway Version 1.0
Dim staGetNextErrStr
' Call this function to get the next STA,
' returns true if an STA is found,
' returns false otherwise with last error in err object
Function staGetNext(iStart, iEnd, theXmlRq, theXmlDoc, theTicket, theAuth, theVer)
Dim idx
staGetNext = false
staGetNextErrStr = ""
On Error Resume Next
for idx = iStart to iEnd
err.Clear
' Send XML request packet to next STA
theXmlrq.open "POST", rg_strSTAURL(idx), False
theXmlrq.setRequestHeader "Content-Type", "text/xml"
theXmlrq.send (theXmldoc)
' Debug output:
' theXmlrq.responseXML.save(Response)
' Look for Citrix Secure Gateway Ticket information in the XML response:
if err.number = 0 then
for each currNode In theXmlrq.responseXML.documentElement.childNodes
if err.number <> 0 then
' error accessing childNodes
staGetNextErrStr = err.description
err.Clear
exit for
elseif currNode.nodeName = "ResponseTicket" then
' found an STA, NOTE that staGetNext (return code) will be
' set to "true" if at least one of "Ticket", "AuthorityID"
' and "TicketVersion" subnode is returned
for each subNode In currNode.childNodes
if err.number <> 0 then
' error accessing childNodes
staGetNextErrStr = err.description
err.Clear
exit for
elseif subNode.nodeName = "ErrorId" then
' error condition within <ResponseTicket>
Customizing NFuse Web Sites for Citrix Secure Gateway 23
staGetNextErrStr = subNode.text
exit for
elseif subNode.nodeName = "Ticket" then
' Found STA ticket!
theTicket = subNode.text
staGetNext = true
elseif subNode.nodeName = "AuthorityID" then
' Found AuthorityID
theAuth = subNode.text
staGetNext = true
elseif subNode.nodeName = "TicketVersion" then
' Found ticket version
theVer = subNode.text
staGetNext = true
end if
next ' subNode
elseif currNode.nodeName = "ResponseError" then
' set error string according to <ResponseError>
for each subNode In currNode.childNodes
if subNode.nodeName = "ErrorId" then
staGetNextErrStr = subNode.text
exit for
end if
next ' subNode
exit for
end if
next ' currNode
' exit loop if ticket found
if staGetNext = true then
' store last known STA in Application object for next use
Application.Lock
Application("LastSTA") = idx
Application.Unlock
exit for
end if
else
staGetNextErrStr = err.description
end if
next ' rg_strSTAURL
End Function
' Call this function to get a Citrix Secure Gateway Ticket for the named
' CSG Server/Service csg_addr_str
Function staGetTicketFromAddress(csg_addr_str)
Customizing NFuse Web Sites for Citrix Secure Gateway 24
Dim xmldoc, xmlrq
Dim ticketStr, ticketVersionStr, authStr, rq_ticket_path
On Error Resume Next
staGetTicketFromAddress = ""
ticketStr = ""
ticketVersionStr = ""
authStr = ""
' The ProgID for Microsoft XML Parser depends on the version
' installed.
'
' For MSXML earlier than 3.0:
' Set xmlrq = Server.CreateObject("Microsoft.XMLHTTP")
' Set xmldoc = Server.CreateObject("Msxml.DOMDocument")
'
' For MSXML 3.0 onwards:
' Set xmlrq = Server.CreateObject("Msxml2.XMLHTTP")
' Set xmldoc = Server.CreateObject("Msxml2.DOMDocument")
'
' Try MSXML earlier than 3.0 first:
Set xmlrq = Server.CreateObject("Microsoft.XMLHTTP")
if err.number <> 0 then
' now try MSXML 3.x:
Set xmlrq = Server.CreateObject("Msxml2.XMLHTTP")
if err.number <> 0 then
staError("Failed to instantiate XML parser: " & err.description)
Exit Function
else
Set xmldoc = Server.CreateObject("Msxml2.DOMDocument")
if err.number <> 0 then
staError("Failed to instantiate XML DOMDocument: " & err.description)
Exit Function
end if
end if
else
Set xmldoc = Server.CreateObject("Msxml.DOMDocument")
if err.number <> 0 then
staError("Failed to instantiate XML DOMDocument: " & err.description)
Exit Function
end if
end if
' There is a known issue with MSXML earlier than 2.x where
' relative path to XML/DTD files cannot be resolved to
' physical path when running in an .ASP page on IIS server.
' The work around is to call Server.MapPath() to resolve
' the absolute path name on the server.
'
Customizing NFuse Web Sites for Citrix Secure Gateway 25
' Here we try to access "rq_ticket.xml" file in the
' current directoty. "rq_ticket.xml" is the <RequestTicket>
' XML packet to be sent to the STA:
rq_ticket_path = Server.MapPath("rq_ticket.xml")
' Perform synchronous load
xmldoc.async = false
xmldoc.load(rq_ticket_path)
if xmldoc.parseError.errorCode <> 0 then
staError("Failed to load Citrix Secure Gateway Ticket request: " & xmldoc.parseError.reason)
Exit Function
end if
' Check that we have a valid <RequestTicket> packet
Set currNode = xmldoc.documentElement.childNodes.item(0)
If currNode.nodeName <> "RequestTicket" Then
staError("No <RequestTicket> in Citrix Secure Gateway Ticket request")
Exit Function
End If
' In the rq_ticket.xml file, <Data> is the third
' child node within <RequestTicket>. <Data> specify
' the destination Citrix Secure Gateway Server/Service address.
Set currSubNode = currNode.childNodes.item(2)
If currSubNode.nodeName <> "Data" Then
staError("No Data in <RequestTicket> Citrix Secure Gateway Ticket request")
Exit Function
End If
' Replace the value of <Data> with the desired
' Citrix Secure Gateway Server/Service address
currSubNode.text = csg_addr_str
' Debug output:
' xmldoc.save(Response)
' Exit Function
' Get the last known STA index stored in Application object
Dim lastSTA
Application.Lock
lastSTA = Application("LastSTA")
if lastSTA > numSTAcount then
lastSTA = 0
end if
Application.Unlock
Dim idxStart
Customizing NFuse Web Sites for Citrix Secure Gateway 26
Dim idxEnd
Dim hasTicket
idxStart = lastSTA
idxEnd = numSTAcount
hasTicket = false
' get next STA starting with last known STA,
' (numSTAcount is defined in "csg_conf.inc")
hasTicket = staGetNext(idxStart, idxEnd, xmlrq, xmldoc, ticketStr, authStr, ticketVersionStr)
if (hasTicket = false) and (idxStart <> 0) then
' try again if we didn't start from first STA (ie. idx = 0)
idxStart = 0
idxEnd = lastSTA ' try lastSTA as well in case it came back online
hasTicket = staGetNext(idxStart, idxEnd, xmlrq, xmldoc, ticketStr, authStr, ticketVersionStr)
end if
if (hasTicket = false) then
' Report the last error (from the last STA)
staError("Request for Citrix Secure Gateway Ticket failed: " & staGetNextErrStr)
Exit Function
end if
' generate ticket string as it should be passed in Address field
staGetTicketFromAddress = _
";" & ticketVersionStr & ";" & authStr & ";" & ticketStr
' Debug output:
'staError("Generated ticket string: " & staGetTicketFromAddress)
End Function
%>
Customizing NFuse Web Sites for Citrix Secure Gateway 27
NFuse 1.51 launch.asp
<% Response.Buffer=true %>
<!-- #include File = "csg_conf.inc" -->
<%
Set parser = Server.CreateObject("com.citrix.nfuse.TemplateParser")
CookStr = Request.Cookies("NFuseData")
parser.setCookieSessionFields(CookStr)
UrlSessionFields = Request.ServerVariables("QUERY_STRING")
parser.setUrlSessionFields(UrlSessionFields)
CurrentTransPath = Request.ServerVariables("PATH_TRANSLATED")
parser.setSingleSessionField "NFuse_TemplatesDir",
Left(CurrentTransPath,InStrRev(CurrentTransPath,"\"))
parser.setSingleSessionField "NFuse_Template", "template.ica"
parser.setSingleSessionField "NFuse_CitrixServer", strCitrixServer
parser.setSingleSessionField "NFuse_CitrixServerPort", CStr(numCitrixServerPort)
if parser.Parse() = False Then
Response.Write "There was an error:<br><i>" & parser.getLastError() & "</i>"
Else
%>
<!-- #include File = "sta_error.inc" -->
<!-- #include File = "sta_xml.inc" -->
<%
' Perform Citrix Secure Gateway specific ticketing here.
strServerAddress = ""
strConnTicket = ""
Response.ContentType = "application/x-ica"
Continue = True
Response.Expires = 0
While (Continue)
HtmlString = Parser.getNextDataBlock()
If HtmlString = "" Then
Continue = False
Else
' Check if this is the address string
strToFind = Chr(10) & "Address="
stPos = InStr(HtmlString,strToFind)
If stPos <> 0 Then
endPos = InStr(stPos+1,HtmlString,Chr(10))
Customizing NFuse Web Sites for Citrix Secure Gateway 28
cutPos = stPos + Len(strToFind)
strServerAddress = Mid(HtmlString, cutPos, endPos-cutPos-1)
If Len(strServerAddress) <> 0 Then
strConnTicket = staGetTicketFromAddress(strServerAddress)
if Len(strConnTicket) = 0 then
' invalid (empty) ticket, revert content type
' to "text/html" for error messages
Response.ContentType = "text/html"
Continue = False
else
str1 = Mid(HtmlString,1,cutPos-1)
str2 = Mid(HtmlString,endPos-1)
HtmlString = str1 & strConnTicket & str2
end if
End If
End If
if (Continue) then
Response.Write(HtmlString)
end if
End If
Wend
End If
%>
Customizing NFuse Web Sites for Citrix Secure Gateway 29
template.ica ; template.ica for the Citrix Secure Gateway, Version 1.0 web site
; Copyright 2001 Citrix Systems, Inc. All rights reserved.
;
<[NFuse_setSessionField NFuse_ContentType=application/x-ica]>
<[NFuse_setSessionField NFuse_WindowType=seamless]>
[WFClient]
Version=2
ClientName=[NFuse_ClientName]
BrowserRetry=1
BrowserTimeout=20000
HttpBrowserAddress=!
TransportReconnectEnabled=Off
[ApplicationServers]
[NFuse_AppName]=
[[NFuse_AppName]]
Address=[NFuse_IPV4Address]
; When using alternate address for firewall traversal purposes, replace
; the "NFuse_IPV4Address" tag above with "NFuse_IPV4AddressAlternate"
InitialProgram=#[NFuse_AppName]
DesiredColor=[NFuse_WindowColors]
TransportDriver=TCP/IP
WinStationDriver=ICA 3.0
AutologonAllowed=ON
; Specify the Citrix Secure Gateway Fully Qualified Domain Name (FQDN)
; and port number here, the FQDN MUST match the exact name used in
; the server certificate.
; eg. CSGServer.yourdomain.com:443
SSLProxyHost=
SSLEnable=On
SSLNoCACerts=0
SSLCiphers=ALL
BrowserProtocol=HTTPonTCP
[NFuse_Ticket]
<[NFuse_IFSESSIONFIELD sessionfield="NFUSE_SOUNDTYPE" value="basic"]>
ClientAudio=On
<[/NFuse_IFSESSIONFIELD]>
[NFuse_IcaWindow]
[NFuse_IcaEncryption]
Customizing NFuse Web Sites for Citrix Secure Gateway 30
SessionsharingKey=[NFuse_SessionSharingKey]
[EncRC5-0]
DriverNameWin16=pdc0w.dll
DriverNameWin32=pdc0n.dll
[EncRC5-40]
DriverNameWin16=pdc40w.dll
DriverNameWin32=pdc40n.dll
[EncRC5-56]
DriverNameWin16=pdc56w.dll
DriverNameWin32=pdc56n.dll
[EncRC5-128]
DriverNameWin16=pdc128w.dll
DriverNameWin32=pdc128n.dll
[Compress]
DriverNameWin16=pdcompw.dll
DriverNameWin32=pdcompn.dll
Customizing NFuse Web Sites for Citrix Secure Gateway 31
NFuse 1.6 launch.asp
<%
'some security - checking for valid query string
'get query string
queryStr = request.serverVariables("QUERY_STRING")
'check if query string is empty
if Len(queryStr) = 0 Then
Response.End
End If
'get application name
nfuseAppName = request.queryString("NFuse_Application")
'get mime type
nfuseMimeType = request.queryString("NFuse_MIMEExtension")
'check if app name and mime type are empty
if Len(nfuseAppName) = 0 Or Len(nfuseMimeType) = 0 Then
Response.End
End If
'check if mime type is valid .ica
if LCase(nfuseMimeType) <> ".ica" Then
Response.End
End If
'begin actual task
Response.Buffer=true
Set parser = Server.CreateObject("com.citrix.nfuse.TemplateParser")
Set app = Server.CreateObject("com.citrix.nfuse.App")
Set propKey = Server.CreateObject("com.citrix.nfuse.PropertiesKeys")
if app.guestLoginOnly() then
anon = "On"
else
anon = Request.Cookies("NFuseLogin")("NFuse_Guest")
end if
If anon = "On" Then
'Anonymous user
user = app.urlEncode("Client")
domain = app.urlEncode("Anonymous")
password = app.urlEncode("Anon")
NFuseCookie = "NFuseModeAnon"
Else
user = Request.Cookies("NFuseData")("NFuse_User")
domain = Request.Cookies("NFuseData")("NFuse_Domain")
password = Request.Cookies("NFuseData")("NFuse_Password")
loginPage = Request.Cookies("NFuseLogin")("NFuse_loginPage")
password = app.unUrlEncode(password)
Customizing NFuse Web Sites for Citrix Secure Gateway 32
'Now we need to decrypt the password retrieved from the cookie:
Dim nfuseSessionKey
nfuseSessionKey = Session("nfuseKeyString")
If Len(nfuseSessionKey) = 0 Then
Response.Redirect("logout.asp?sessionExpired=On")
End If
nfuseSessionKey = mid(nfuseSessionKey,1,Len(password))
password = nfuseDecrypt(password)
NFuseCookie = "NFuseMode"
End If
Function nfuseDecrypt(strEncrypted)
Dim strChar, iKeyChar, iStringChar, i
for i = 1 to Len(strEncrypted)
iKeyChar = Asc(mid(nfuseSessionKey,i,1))
iStringChar = Asc(mid(strEncrypted,i,1))
iDeCryptChar = iKeyChar Xor iStringChar
strDecrypted = strDecrypted & Chr(iDeCryptChar)
next
nfuseDecrypt = strDecrypted
End Function
CookStr = "NFuse_User=" & user & "&NFuse_Domain=" & domain & "&NFuse_Password=" & password
parser.setCookieSessionFields(CookStr)
If Len(loginPage) Then
If loginPage = "NDS" Then
parser.setSingleSessionField "NFuse_DomainType", loginPage
End If
End If
currentFolder = Request.Cookies(NFuseCookie)("NFuse_currentFolder")
bSettings = app.allowCustomizeSettings
bSize = app.allowCustomizeWindowSize
bColor = app.allowCustomizeWindowColor
bAudio = app.allowCustomizeAudio
bEncryption = app.allowCustomizeEncryption
If bSettings Then
'Set the session field only if we have something. Otherwise, the parser will fails.
DisplayMode = app.unUrlEncode(Request.Cookies(NFuseCookie)("NFuse_WindowType"))
DesiredHRES = app.unUrlEncode(Request.Cookies(NFuseCookie)("NFuse_WindowWidth"))
DesiredVRES = app.unUrlEncode(Request.Cookies(NFuseCookie)("NFuse_WindowHeight"))
ScreenPercent = app.unUrlEncode(Request.Cookies(NFuseCookie)("NFuse_WindowScale"))
Customizing NFuse Web Sites for Citrix Secure Gateway 33
DesiredColor = app.unUrlEncode(Request.Cookies(NFuseCookie)("NFuse_WindowColors"))
Audio = app.unUrlEncode(Request.Cookies(NFuseCookie)("NFuse_IcaAudioType"))
Encrypt = app.unUrlEncode(Request.Cookies(NFuseCookie)("NFuse_EncryptionLevel"))
'Apply the settings.
If bSize Then
If Len(DisplayMode) > 0 Then
Parser.setSingleSessionField "NFuse_WindowType", DisplayMode
End If
If Len(DesiredHRES) > 0 Then
Parser.setSingleSessionField "NFuse_WindowWidth", DesiredHRES
End If
If Len(DesiredVRES) > 0 Then
Parser.setSingleCookieSessionField "NFuse_WindowHeight", DesiredVRES
End If
If Len(ScreenPercent) > 0 Then
Parser.setSingleCookieSessionField "NFuse_WindowScale", ScreenPercent
End If
End If
If bColor Then
If Len(DesiredColor) > 0 Then
Parser.setSingleCookieSessionField "NFuse_WindowColors", DesiredColor
End If
End If
If bAudio Then
If Len(Audio) > 0 Then
Parser.setSingleCookieSessionField "NFuse_IcaAudioType", Audio
End If
End If
If bEncryption Then
If Len(Encrypt) > 0 Then
Parser.setSingleCookieSessionField "NFuse_EncryptionLevel", Encrypt
End If
End If
End If ' If bSettings
UrlSessionFields = Request.ServerVariables("QUERY_STRING")
parser.setUrlSessionFields(UrlSessionFields)
CurrentTransPath = Request.ServerVariables("PATH_TRANSLATED")
parser.setSingleSessionField "NFuse_TemplatesDir",
Left(CurrentTransPath,InStrRev(CurrentTransPath,"\"))
If anon = "On" or app.guestLoginOnly() Then
parser.setSingleSessionField "NFuse_Template", "guest_template.ica"
Else
parser.setSingleSessionField "NFuse_Template", "template.ica"
End If
'Set the client address.
parser.setClientIPv4Address Request.ServerVariables("REMOTE_ADDR")
Customizing NFuse Web Sites for Citrix Secure Gateway 34
If parser.Parse() = False Then
Response.ContentType = "text/html; charset=" & propKey.getStaticString("HTMLCharSet")
Session("NFuse_errorString") = parser.getLastError()
Response.write "<script language='JavaScript'>" & vbCrLf
Response.write "<!--" & vbCrLf
Response.write "parent.frames[0].location.href = 'applist.asp?NFuse_currentFolder=" & currentFolder &
"&NFuse_lastErrorId=On" & "'" & ";" & vbCrLf
Response.write "//-->" & vbCrLf
Response.write "</script>" & vbCrLf
Else
%>
<!-- #include File = "csg_conf.inc" -->
<!-- #include File = "sta_error16.inc" -->
<!-- #include File = "sta_xml.inc" -->
<%
Response.ContentType = "application/x-ica"
Continue = True
Response.Expires = -1
'================================
'Begin: NFuse16 ticket processing
'--------------------------------
'While (Continue)
' HtmlString = parser.getNextDataBlock()
' If HtmlString = "" Then
' Continue = False
' Else
' Response.Write(HtmlString)
' End If
'Wend
'------------------------------
'End: NFuse16 ticket processing
'==============================
'=======================================================
'Begin: Citrix Secure Gateway specific ticket processing
'-------------------------------------------------------
strServerAddress = ""
strConnTicket = ""
While (Continue)
HtmlString = Parser.getNextDataBlock()
If HtmlString = "" Then
Continue = False
Customizing NFuse Web Sites for Citrix Secure Gateway 35
Else
' Check if this is the address string
strToFind = Chr(10) & "Address="
stPos = InStr(HtmlString,strToFind)
If stPos <> 0 Then
endPos = InStr(stPos+1,HtmlString,Chr(10))
cutPos = stPos + Len(strToFind)
strServerAddress = Mid(HtmlString, cutPos, endPos-cutPos-1)
If Len(strServerAddress) <> 0 Then
strConnTicket = staGetTicketFromAddress(strServerAddress)
if Len(strConnTicket) = 0 then
' invalid (empty) ticket, revert content type
' to "text/html" for error messages
Response.ContentType = "text/html"
Continue = False
else
str1 = Mid(HtmlString,1,cutPos-1)
str2 = Mid(HtmlString,endPos-1)
HtmlString = str1 & strConnTicket & str2
end if
End If
End If
if (Continue) then
Response.Write(HtmlString)
end if
End If
Wend
'-----------------------------------------------------
'End: Citrix Secure Gateway specific ticket processing
'=====================================================
End If
%>
Customizing NFuse Web Sites for Citrix Secure Gateway 36
template.ica ; template.ica for the Citrix Secure Gateway, Version 1.0 web site
; Copyright 2001 Citrix Systems, Inc. All rights reserved.
;
<[NFuse_setSessionField NFuse_ContentType=application/x-ica]>
[WFClient]
Version=2
ClientName=[NFuse_ClientName]
HttpBrowserAddress=!
TransportReconnectEnabled=Off
[ApplicationServers]
[NFuse_AppName]=
[[NFuse_AppName]]
Address=[NFuse_IPV4Address]
; When using alternate address for firewall traversal purposes, replace
; the "NFuse_IPV4Address" tag above with "NFuse_IPV4AddressAlternate"
InitialProgram=#[NFuse_AppName]
DesiredColor=[NFuse_WindowColors]
TransportDriver=TCP/IP
WinStationDriver=ICA 3.0
AutologonAllowed=ON
; Specify the Citrix Secure Gateway Fully Qualified Domain Name (FQDN)
; and port number here, the FQDN MUST match the exact name used in
; the server certificate.
; eg. CSGServer.yourdomain.com:443
SSLProxyHost=
SSLEnable=On
SSLNoCACerts=0
SSLCiphers=ALL
[NFuse_Ticket]
[NFuse_IcaAudio]
[NFuse_IcaWindow]
[NFuse_IcaEncryption]
SessionsharingKey=[NFuse_SessionSharingKey]
[EncRC5-0]
DriverNameWin16=pdc0w.dll
DriverNameWin32=pdc0n.dll
Customizing NFuse Web Sites for Citrix Secure Gateway 37
[EncRC5-40]
DriverNameWin16=pdc40w.dll
DriverNameWin32=pdc40n.dll
[EncRC5-56]
DriverNameWin16=pdc56w.dll
DriverNameWin32=pdc56n.dll
[EncRC5-128]
DriverNameWin16=pdc128w.dll
DriverNameWin32=pdc128n.dll
[Compress]
DriverNameWin16=pdcompw.dll
DriverNameWin32=pdcompn.dll
Customizing NFuse Web Sites for Citrix Secure Gateway 38
ICA Client Version Detection Function
' Get ICA Client Object version
' returns: 0 ICA Client not installed
' 10 Pre FR1
' 16 FR1
' 20 XP 1.0, ICO 2.0
' 21 Post XP 1.0, ICO 2.1 or later
function hasIcaObjVal()
dim obj
dim badSetup
badSetup = false
Err.Clear
On Error Resume Next
hasIcaObjVal = 0
'try ICO 2.x
set obj = CreateObject("Citrix.ICAClient")
if (Err.number = 0) then
clientId = obj.GetInterfaceVersion()
if (Err.number = 0) then
strPos = StrComp(clientId, "2.0", 1)
if (strPos = 0) then
'XP 1.0 ICO 2.0
hasIcaObjVal = 20
else
'Nile ICO 2.1 or later
hasIcaObjVal = 21
end if
else
'"Citrix.ICAClient" not installed/uninstalled correctly
badSetup = true
end if
end if
if (badSetup = true) then
Err.Clear
set obj = Nothing
'try FR1 (Wfica.WficaCtl.6)
set obj = CreateObject("Wfica.WficaCtl.6")
if (Err.number = 0) then
hasIcaObjVal = 16
else
Customizing NFuse Web Sites for Citrix Secure Gateway 39
Err.Clear
set obj = Nothing
'try Pre FR1 (Wfica.WficaCtl.1)
set obj = CreateObject("Wfica.WficaCtl.1")
if (Err.number = 0) then
hasIcaObjVal = 10
end if
end if
end if
set obj = Nothing
end function
Customizing NFuse Web Sites for Citrix Secure Gateway 40
Citrix Systems, Inc. 6400 NW 6th Way Fort Lauderdale, FL 33309 954-267-3000 http://www.citrix.com