Modifying the Citrix Access Gateway

by Rick Mack [Published on 23 Nov. 2006 / Last Updated on 23 Nov. 2006]

How to customise some Citrix Access Gateway settings.

A lot of people have bought Citrix Access Gateway (CAG) appliances, and while the overall impression has been fairly good, there have been some stability issues, and also minor frustrations at not being able to customise simple things like the CAG login page (when not using AAC).

It’s actually quite simple to modify settings, etc, in a CAG because the CAG operating system is simply a modified Redhat Linux distribution with absolutely nothing removed. You can boot a CAG using an ubuntu or knoppix CD and provided you’ve got a monitor, keyboard and mouse plugged in, you can log on and have full read/write access to the CAG filesystem.

We’ve been able to modify the lilo.conf settings to disable acpi, and to replace the login screen gifs, text and colours etc, with customised versions supporting customer branding.

One of the big problems with modifying a “live” system is that if you have to reload the operating system for any reason, you’ll be undoing any modifications you’ve done in the past. However there’s an easy way to get around this limitation and that’s by modifying the installation image.

If you get the 4.2 ISO image and open it with something like MagicISO (http://www.magiciso.com) which will give you read/write access to the ISO image, then you can make the necessary modifications pre-installation.

This has 2 obvious benefits: you’re not having to log on to and modify your racked access gateway, and if you ever have to reload the access gateway operating system, your changes will be retained.

I’m going to briefly discuss 2 modifications: changing the lilo.conf configuration to disable ACPI, and modifying the default login portal when AAC isn’t being used.

The reason for the first example is that there seems to be evidence that disabling ACPI stabilises one of the hang problems seen with some CAG implementations.

Disabling ACPI

If we open the ISO image, configuration files are found under /root/runtime/dirs/config, eg:

The o.s. uses either fulldup_lilo.conf or halfdup_lilo.conf as the operational lilo.conf file. Since it’s possible that either of these files may be used, the simplest thing to do is edit both of them. Extract them to a temporary directory and edit them as described below.

Please note that an editor such as ultraedit or vi should be used to preserve the unix file format. In the example below (halfdup_lilo.conf), acpi=ff was added beween “=mount” and “nousb”.

Do this to both files and then drag and drop them back into the MagicISO window, replace the original files and save the ISO. When you install this image the operational lilo.conf file will disable ACPI support.

Modifying the Login Page

The second example modifies the default login portal page, in this case for RSA support and custom branding.

Open the 4.2 iso with MagicISO and go to /root/runtime/dirs/runtime/S0/etc, eg.

There are 4 files of interest here:

  • ag_logo.gif – the “Citrix Access Gateway” banner
  • vpn_logo.gif – the Citrix logo
  • login.html – the logon page html code
  • portal.css – portal style page, colours etc

Extract these files to a temporary work directory.

Since we’re intending to use RSA tokens, it’s a lot less confusing if the “password:” option is changed to “RSA Passcode:”, eg in logon.html

From:

        <TR>
          <TD align=right><SPAN class=CTXMSAM_ContentFont 
            >Password:</SPAN></TD>
          <TD><INPUT class=CTXMSAM_ContentFont id=_ctl0_PRIMARY_PASSWORD 
            title="Enter password" type=password name="password"></TD></TR>

To:

       <TR>
         <TD align=right><SPAN class=CTXMSAM_ContentFont
           style="FONT-WEIGHT: bold">RSA PassCode</SPAN></TD>
         <TD><INPUT class=CTXMSAM_ContentFont id=_ctl0_PRIMARY_PASSWORD
           title="Enter password" type=password name="password"></TD></TR>

In addition, the image height of the logo was changed and vpn_logo.gif was omitted:

From:

  <TR>
    <TD width=284 height=57><IMG height=57 alt="Citrix Access Gateway" 
      src="./ag_logo.gif" width=284></TD>
    <TD width="100%" height=1></TD>
    <TD width=135 height=56><IMG height=56 alt=Citrix 
      src="./vpn_logo.gif" 
  width=135></TD></TR></TD></TR>

To:

  <TR>
    <TD width=256 height=132><IMG height=132 alt="Parmalat Logo" 
      src="./ag_logo.gif" width=256></TD>
    <TD width="100%" height=1></TD>
    </TR></TD></TR>

Now save login.html.

Ag_logo.gif was modified with the customer’s logo and portal.css was modified so that a logo-matching blue band could be added:

From:

}
.CTXMSAM_RedDivider {
         HEIGHT: 8px; BACKGROUND-COLOR: red

To:

}
.CTXMSAM_RedDivider {
         HEIGHT: 8px; BACKGROUND-COLOR: red
}
.CTXMSAM_BlueDivider {
         HEIGHT: 8px; BACKGROUND-COLOR: #003073

Drag and drop the modified files back into the MagicISO window, replace the original files and save the ISO. When this image was installed the end result is shown below.

It should be noted that with CAG version 4.5, updating the 2 gif files and portal.css will be supported via the standard admin interface.

Featured Links