Win8/RT Receiver Preview 2-factor authentication support

The recent release of Microsoft Windows 8 and the availability of the Citrix Preview of Win8/RT Receiver make it tempting to check out this new Receiver. Without testing all possible scenarios, I have looked at just a few:

  • WebInterface 5.4, both traditional WI as well as XenApp Services, i.e. PNAgent
  • CloudGateway 2.0 Express
  • CloudGateway 2.0 Express front-ended with AccessGateway on NetScaler 10.0-71.6nc
  • 2-factor authentication with CloudGateway 2.0 Express front-ended with AccessGateway on NetScaler 10.0-71.6nc

Clearly, Win8/RT Receiver Preview is focusing on CloudGateway deployments; looking at HTTP traces suggests that WebInterface 5.4 is not targeted. While CloudGateway configuration with or without AccessGateway worked well “out of the box”, 2-factor authentication required a bit more effort.

As it turns out, the Win8/RT Receiver Preview acknowledges 2-factor authentication requirements and displays the correct log-on screen as long as the Password2 field in https://…/vpn/resource/en.xml is patched as follows:

<String id="Password2">Password 2:</String>

is replaced with

<String id="Password2">PIN + Tokencode:</String>

Since Win8/RT Receiver Preview does not offer a “full and final” feature set, this “hack” can only be considered a temporary fix for brave souls using preview software.

Here is an example of a NetScaler rewrite action that can be bound, through a rewrite policy, to the instance of AccessGateway or globally to enable support for the 2-factor authentication screen with Win8/RT Receiver Preview:

add rewrite action RSA_WinRT_replace_rewrite_action replace_all "HTTP.RES.BODY(120000).SET_TEXT_MODE(IGNORECASE)" "\"PIN + Tokencode:\"" -pattern "Password 2:" -bypassSafetyCheck YES
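
The command above defines only the rewrite action; it takes effect once a policy references it and that policy is bound. The following is an added example, not part of the original post: the policy name, the placeholder virtual server name agee_vserver, the priority 100, and the rule that limits the rewrite to responses for /vpn/resource/en.xml are all assumptions.

```netscaler
# Added example, not from the original post. Names and priority are assumptions.
# The rewrite feature must be enabled for any rewrite policy to be evaluated.
enable ns feature REWRITE

# Scope the action to the one resource the post patches. With a rule of "true",
# replace_all would change every case-insensitive match of "Password 2:" in the
# first 120000 bytes of each response body evaluated at the bind point.
add rewrite policy RSA_WinRT_replace_rewrite_policy "HTTP.REQ.URL.PATH.ENDSWITH(\"/vpn/resource/en.xml\")" RSA_WinRT_replace_rewrite_action

# Bind to the Access Gateway virtual server (agee_vserver is a placeholder name).
bind vpn vserver agee_vserver -policy RSA_WinRT_replace_rewrite_policy -priority 100 -gotoPriorityExpression END -type RESPONSE

# Alternative: bind globally for response-time rewrite instead of per vserver.
# The URL-scoped rule matters most here, since every response is a candidate.
# bind rewrite global RSA_WinRT_replace_rewrite_policy 100 END -type RES_DEFAULT
```

After a log-on attempt from the Receiver, `show rewrite policy RSA_WinRT_replace_rewrite_policy` reports the hit count, which confirms whether the rule matched the en.xml request.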