This product includes the Envoy SNMP Engine, developed by Epilogue. All of the documentation and software included in the 4.4BSD release is copyrighted by the Regents of the University of California. Development of Gated has been supported in part by the national science foundation.
This product includes the Envoy SNMP Engine, developed by Epilogue. All of the documentation and software included in the 4.4BSD release is copyrighted by the Regents of the University of California. Development of Gated has been supported in part by the national science foundation.
a:hover { // Sets hover style for links color:white; } To make the connection between the CSS stylesheet and the page, you must include a <link> tag prior to the closing head tag </head>, as follows: <link rel="stylesheet" type="text/css" href="sample.css" /> </head> If you store the stylesheet in a directory other than the root directory where you keep your template files, make sure you express the path correctly in the href attribute of the link tag. For example, if you keep all of your stylesheets in a directory one level above the template file, you might indicate it as follows: <link rel="stylesheet" type="text/css" href="../sample.css" /> or Juniper Networks Secure Access Administration Guide 26 Using templates from the samples.zip file <link rel="stylesheet" type="text/css" href="css/sample.css" /> This CSS defines the presentation style of all of the major components of the page. Additionally, if you want to change the look-and-feel of the page, while keeping the basic structure intact, you can create another CSS that uses the same style names, but that modifies the definitions. Without making any changes to your template file, you can apply an entirely unique style. Here is a copy of the LoginPage.thtml file (excluding the comments section) after it has been converted to a CSS-based page. Compare it with the template file that you download from the IVE. You might notice that virtually all of the presentation codes, things such as color settings, font settings, and border settings are missing from the following code. All of the presentation code has been extracted to the CSS stylesheet. <%# NetScreen Page Version 1001 %> <!-- The following line, when uncommented, allows you to process the .thtml file locally using the tpage utility, without having to replace the angle brackets on all of the IVE template directives. The TAGS directive tells the Template Toolkit utilities to substitute angle brackets for the default square brackets. This line should be on the first line of the file when you are testing locally. Prior to uploading to the IVE, move and comment the line, or remove it from the file completely. --> <!--[% TAGS <% %> %]--> <% PROCESS customconfig.thtml %> <% PROCESS customhead.thtml %> <title>Instant Virtual Extranet</title> <link rel="stylesheet" type="text/css" href="sample_two.css" /> <script> <!-- JavaScript removed for readability. See template file for actual JavaScript. //--> </script> </head> <body id="body" onload="FinishLoad()"> <% PROCESS custombanner.thtml %> <!-- /////////////////// --> <!-- BEGIN LEFT COLUMN --> <!-- /////////////////// --> <div id="leftcontent"> <!-- ///////////////////////////////////////////// --> <!-- BEGIN CUSTOM CONTENT LEFT COLUMN (Optional) --> <!-- ///////////////////////////////////////////// --> Using templates from the samples.zip file 27 Juniper Networks Secure Access Administration Guide <!-- Add more content here, if needed. --> <!-- /////////////////////////////////// --> <!-- END CUSTOM CONTENT LEFT COLUMN --> <!-- /////////////////////////////////// --> <!-- ////////////////////////////////////////////// --> <!-- BEGIN AUTHENTICATION TEMPLATE DIRECTIVES --> <!-- and FORM USERNAME/PASSWORD/REALM PROMPTS --> <!-- DO NOT DELETE. Must be included in page. --> <!-- ////////////////////////////////////////////// --> <form name="frmLogin" action="login.cgi" method="post" autocomplete="off" onsubmit="return Login()"> <input type="hidden" name="tz_offset"> <%IF !AnonymousAuthentication && !CertificateAuthentication%> <% FOREACH prompt = prompts %> <%NEXT IF !prompt.required %><br> <p><% prompt.promptText %></p> <input type="<% prompt.type %>" name="<% prompt.name %>" size="20"> <% END %> <% IF RealmList.size == 0 %> <p>LoginRealm</p> <input type="text" name="realm" size="20"> <% ELSIF RealmList.size == 1 %> <input type="hidden" name="realm" value="<% RealmList.0 %>"> <% ELSE %> <p>LoginRealm</p> <select size="1" name="realm"> <% FOREACH r = RealmList %> <option value="<% r %>" ><% r %></option> <% END %> </select> <% END %> <%ELSE%> <input type="hidden" name="realm" value="<% RealmList.0 %>"> <%END%> <input type="submit" value="Sign In" name="btnSubmit"> </form> <!-- //////////////////////////////////// --> <!-- BEGIN CUSTOM CONTENT LEFT COLUMN --> <!-- //////////////////////////////////// --> <p>You are not yet authorized!</p> <!-- /////////////////////////////////// --> <!-- END CUSTOM CONTENT LEFT COLUMN --> <!-- /////////////////////////////////// --> </div> Juniper Networks Secure Access Administration Guide 28 Using templates from the samples.zip file <!-- ///////////////// --> <!-- END LEFT COLUMN --> <!-- ///////////////// --> <!-- ////////////////////// --> <!-- BEGIN CENTER COLUMN --> <!-- ////////////////////// --> <div id="centercontent"> <!-- ///////////////////////////////////////////////////////// --> <!-- BEGIN PASSWORD MANAGEMENT TEMPLATE DIRECTIVES --> <!-- DO NOT DELETE. Must be included in page. --> <!-- Added for Account Disabled Case for Password Managemnt --> <!-- ///////////////////////////////////////////////////////// --> <% IF AccountDisabled %> <!-- ///////////////////// --> <!-- Account Disabled Case --> <!-- ///////////////////// --> <span class="error"><% LoginPageErrorMessage %></span> <% ELSE %> <% IF LoginPageErrorMessage %> <span class="error"><% LoginPageErrorMessage %></span> <% END %> <% END %> <!-- /////////////////////////////////////// --> <!-- END PASSWORD MANAGEMENT DIRECTIVES --> <!-- /////////////////////////////////////// --> <!-- ///////////////////////// --> <!-- Optional error handling codes --> <!-- ///////////////////////// --> <span class="error"> <% IF PageErrorCode == 1020 %> You have successfully changed your password. <% END %> </span> <span class="error"> <% IF PageErrorCode == 1021 %> Account Disabled. Please contact Administrator for help. <% END %> </span> <span class="error"> <% IF PageErrorCode == 1023 %> Account Expired. Please contact Administrator for help. Using templates from the samples.zip file 29 Juniper Networks Secure Access Administration Guide <% END %> </span> <!-- ///////////////////////////// --> <!-- END optional error handling codes --> <!-- ///////////////////////////// --> <!-- ///////////////////////////////////////// --> <!-- BEGIN CUSTOM CONTENT CENTER COLUMN --> <!-- Add any content below that you want to appear in the center column. --> <!-- You can add a mix of headings, paragraphs, graphics or any other HTML.--> <!--////////////////////////////////////////////////////////////// --> <h1>Welcome to XYZ Company!</h1> <h2>New Employee Benefits!</h2> <p>Per munere latine officiis ad. Quo te elit vivendum, mea aperiri integre periculis ex, ea sea corpora consectetuer. </p> <h2>Company Party!</h2> <p>Dolore efficiantur vim ea, alia putant vivendo at pri. Odio cetero tibique no vis. Mea vero delenit ad. </p> <h2>Corporate Travel Advisory</h2> <p>Cu zzril expetenda has, ludus utinam instructior nam an, id eam fugit putent possit. Mazim epicuri contentiones mel ut, pri atqui maiestatis ei. </p> <p>Tempor oportere usu ne. Ea aperiam sanctus oportere vel.</p> <!-- ///////////////////////////////////// --> <!-- END CUSTOM CONTENT CENTER COLUMN --> <!-- ///////////////////////////////////// --> </div> <!-- //////////////////// --> <!-- END CENTER COLUMN --> <!-- //////////////////// --> <% PROCESS customfoot.thtml %> Figure 2 illustrates the newly-styled page: Juniper Networks Secure Access Administration Guide 30 Customizing error handling and navigation Figure 2: Custom LoginPage.thtml rendered with CSS Customizing error handling and navigation The Template Toolkit provides a rudimentary level of error handling capability. In most cases, errors are handled sufficiently by the included logic. However, you might want to modify the behavior of the pages, given a particular error. For example, you might want to redirect a user to your own specific custom error page on an Account Disabled error. You can redirect based on specific individual errors or based on any error occurring at all. The following samples illustrate both methods. Redirecting based on any and all errors If you want to redirect to your own Web page based on the occurrence of any and all errors, you can implement logic, as follows: <head> <% IF LoginPageErrorMessage %> <meta http-equiv=refresh content=0;url=DisplayErrorPage.html> <title>Redirect</title> </head> Redirecting based on specific errors If you want to redirect to your own Web page based on the occurrence of a specific error, such as the Account Disabled error, you can implement logic, as follows: <head> <% IF LoginPageErrorCode == 1021%> <meta http-equiv=refresh content=0;url=AcctDisabledError.html> <% ELSIF PageErrorCode == 1023 %> Localizing custom sign-in pages 31 Juniper Networks Secure Access Administration Guide <meta http-equiv=refresh content=0;url=AcctExpiredError.html> <% END %> <title>Redirect</title> </head> For more information on error codes, see LoginPageErrorCode on page 70. Defining error message locations You can locate error messages wherever you want on the page. Keep in mind, however, that you cannot move the error handling code relative to its position within the <form/> tags. For example, do not reverse the positions of two directives appearing within the body of <form/> tags or move the error handling code outside of the <form/> tags. Customizing error messages You can customize some of the error and confirmation messages your end-users might see. The IVE produces some error messages that you cannot change. Table 5, Login error messages, codes, and related notes on page 71 lists those that you can change. Although you cannot change any messages on the IVE itself, you can customize error messages that will appear instead of the messages originating on the IVE. Using the Template Toolkit IF directive, you can test for a message based on an errors unique error code, and expressed by the predefined template variable PageErrorCode. In the directive block, you include the customized message, as shown in the following example: <% IF PageErrorCode == 1020 %> You have successfully changed your password. <% END %> <% IF PageErrorCode == 1021 %> Account Disabled. Please contact administrator at X5540 for help. <% END %> <% IF PageErrorCode == 1023 %> Account Expired. Please contact administrator at X5541 for help. <% END %> You might include the preceding code in your LoginPage.thtml file following the form (<form></form>) that prompts the user for login credentials. You can see that the example messages in the preceding sample include phone extension numbers, to help end-users identify the correct administrator to call after encountering specific problems. Localizing custom sign-in pages You can create localized custom sign-in pages, using the downloadable sample template files. You can download the samples from Signing In > Sign-in pages > Upload Custom Pages > Upload Custom Sign-In Pages page. Juniper Networks Secure Access Administration Guide 32 Localizing custom sign-in pages You include the localized version of the template files in separate directories, one directory per language, in your uploaded zip file. The IVE recognizes all of the .thtml files in the root directory of the zip file as default pages. When creating the subdirectory for a set of given language files, name the subdirectory with the Accept-Language header 2-char abbreviation. Retain the default names for the localized file names. At runtime, the IVE notes the default language of the browser, then searches the subdirectory corresponding to the 2-char Accept-Language abbreviation to find the specific .thtml file. If the IVE locates the file, the IVE uses that .thtml file. If the IVE cannot locate the file, the IVE uses the default page in the root directory. The structure of your zip file should resemble the following structure (abbreviated for readability): Figure 3: Localized custom sign-in pages zip file structure The directories should contain full sets of template files, as required to implement custom sign-in pages. Creating a localized set of custom sign-in pages To create a localized set of custom sign-in pages, perform the following procedure. 1. Select Signing In > Sign in > Sign in pages. NOTE: Use the Accept-Language abbreviation zh-cn if you plan to use either of the abbreviations zh-cn or zh-sg. NOTE: For a list of acceptable Accept-Language header abbreviations, see http://www.oasis-open.org/cover/iso639a.html. Upgrade considerations 33 Juniper Networks Secure Access Administration Guide 2. Click Upload Custom Pages. 3. Click the link for the sample templates you want to localize. 4. Once downloaded, unzip the files. 5. Create a subdirectory in the sample templates directory and name it with the 2- character identifier that specifies the language into which you intend to translate the template files. For example, if you are translating into French, name the directory fr. Create subdirectories for each language into which you want to translate the templates, and copy all template files and the images directory into each subdirectory. 6. Copy all of the templates and the images directory (/imgs) and paste them into the new folder. 7. Translate the template files. 8. Change the paths in the translated files to point to the correct path. For example, you need to update the paths to images in the /imgs subdirectory, otherwise, they will continue to point to the default directory. 9. When translation is completed, zip the files and upload to the IVE. 10. To test the languages, make sure you update the language option in your Web browser, first. Upgrade considerations Consider the following when upgrading to the latest version of the custom sign-in pages: You must update the version number in your templates to match the current version. If you do not update your version number, the default page appears instead of your custom page. Alternatively, you can copy your custom content to the new templates. Old variable names may change and new variables may be added. It is recommended that you convert old variable names to their new counterparts as the default values for the old variables may no longer exist. If you do not want to update your variable names, you can select the Skip validation checks during upload option in the Upload Custom Sign-In Pages page. If you select this option, you should review all your custom pages to ensure that they are still functioning correctly. Some formatting, such as text strings and color, change from prior versions. Review your page to ensure that the changes are acceptable. Juniper Networks Secure Access Administration Guide 34 Custom templates reference Custom templates reference The following topics describe each of the template files, JavaScript, template variables, some form variables, their uses, functionality, and customizability. The topics are organized alphabetically. Within the reference, you can find definitions for: IVE pre-authentication pages You may customize a variety of standard IVE pre-authentication pages, including the standard sign-in page (LoginPage.thtml), the failed authentication page (SSL.thtml), the sign out page (Logout.thtml), the sign-in warning page (ExceededConcurrent.thtml), the Host Checker and Cache Cleaner start page (PleaseWait.thtml), and the select from multiple roles page (SelectRole.thtml). ACE pre-authentication pages The SoftID.zip file enables you to customize IVE pages for use with the RSA Soft ID client. When the end-user browses to the URL of the SoftID custom sign-in page, the page prompts the user to enter a PIN by way of the SecurID application on his local machine. If the application accepts the PIN, the end-user is logged in. To configure the SoftID custom sign-in page, download the Samples.zip and SoftID.zip files. Unzip Samples.zip to a directory first, and then unzip the SoftID.zip file to the same location, overwriting any duplicates. Once you have customized the files to your liking, zip the entire set of files and upload them to the IVE. ACE with eTrust pre-authentication pages The ACE with eTrust pre-authentication pages are named with the SM prefix, for SiteMinder. Password management pages These include pages such as the secondary authentication server login page (SecondaryLoginPage.thtml). Template variables Kiosk pages The Kiosk.zip file contains templates that enable you to customize IVE pages for use by Kiosk users. This sample shows how you can implement a custom UI to circumvent keystroke loggers. When you run the sample LoginPage.thtml (after it has been uploaded to the IVE) you see a Virtual Keyboard. The password field is disabled, so an end-user must use the Virtual Keyboard to enter a password. Because the normal keyboard is disabled, a keystroke logger cannot capture the password. <failedPolicy> 35 Juniper Networks Secure Access Administration Guide Meeting pages The Meeting.zip file enables you to customize a variety of pre-authentication and post-authentication pages used by Secure Meeting attendees. JavaScript Many of the templates include optional JavaScript functions that you can use to perform a variety of tasks on that particular page. For example, the header in LoginPage.thtml contains several JavaScript functions. Most of these functions handle cases where you associate multiple authentication realms with a single sign-in URL. You can also add your own JavaScript functions to perform presentation effects, or to modify the default navigation by redirecting to your own Web pages, in some cases. <failedPolicy> Tag used to go through list of failed policies. Object Type Template variable Included in Remediate.thtml Usage Required. Do not modify. Example None Related topics Remediate.thtml on page 105 <failedPolicy>.name Name of the policy that fails during remediation. Object Type Template variable Included in Remediate.thtml Usage Required. Do not modify. Example None Related topics Remediate.thtml on page 105 NOTE: When uploading templates to the IVE, you must include all of the THTML pages included in the original zip files for the IVE to accept the upload. Juniper Networks Secure Access Administration Guide 36 <failedPolicy>.remediation <failedPolicy>.remediation Custom instructions as defined in the remediation policy. Object Type Template variable Included in Remediate.thtml Usage Optional Example None Related topics Remediate.thtml on page 105 action An HTML form element that provides the action that is meant to occur, usually on a submit button click or POST. Object type HTML form element Included in All templates with forms Usage Required Example The following fragment from a <form> field runs the login.cgi Perl script on the IVE: action="login.cgi" Related topics autocomplete on page 40 activex_ini Contains the name of an ActiveX control. Object Type Template variable Included in LoginMeeting.thtml, MeetingTestJS.thtml Usage Required if running Internet Explorer on a Windows system. This variable contains the name of the ActiveX control that must be loaded to run Meeting in the browser. Example The following sample checks to see if the browser is Internet Explorer. If so, it passes the name of an ActiveX object to initialize. <% IF ie %> <P> <OBJECT> <% activex_ini FILTER verbatim%> </OBJECT> </P> AnonymousAuthentication 37 Juniper Networks Secure Access Administration Guide <% END %> Related topics applet_ini on page 37 FILTER verbatim on page 49 AnonymousAuthentication Use this variable to specify that users signing into an anonymous realm should not see the username and password fields in the sign-in page. Object type Template variable Included in LoginPage.thtml, LoginPage-ppc.thtml Usage Optional. The IVE sets this value to true if the authentication realm is set to an anonymous server. If you use this variable, the IVE only displays the sign-in page to users when they encounter one of the errors described in LoginPageErrorCode on page 70. If you set AnonymousAuthentication, the realm is available in RealmList.0. You need to send the realm in the form as a hidden variable. Example The following sample checks to see if AnonymousAuthentication and CertificateAuthentication are set to false. If the variables are set to false, the following directives generate authentication fields, setting the size of the input fields to 20 characters. <%IF !AnonymousAuthentication && !CertificateAuthentication%> <% FOREACH prompt = prompts %> <%NEXT IF !prompt.required %> <% prompt.promptText %> <input type="<% prompt.type %>" name="<% prompt.name %>" size="20"> <% END %> Related topics CertificateAuthentication on page 43 RealmList on page 103 applet_ini Contains instructions that initialize a meeting applet. Object Type Template variable Included in MeetingAppletInstaller.thtml, MeetingTestMSJava.thtml Usage Required Example The following code fragment shows how the applet_ini variable passes an applet to the page, and how the additional code passes parameters to the applet: <% IF install %> <P> Juniper Networks Secure Access Administration Guide 38 appstr <APPLET <% applet_ini FILTER verbatim %> <PARAM NAME="Parameter0" VALUE="meeting_id=<%instanceId%>;user_name=<%username%>;cert_md5=<%c ert_md5%>;ncp_read_timeout=<%ncp_read_timeout%>"> <PARAM NAME="StartSessionReDir" VALUE="<%startSessionReDir%>"> <PARAM NAME="UninstallReDir" VALUE="<%uninstallReDir%>"> <PARAM NAME="locale" VALUE="<%locale%>"> </APPLET> Related topics MeetingAppletInstaller.thtml on page 75 appstr Contains the applet tag for the Secure Meeting client. Object Type Template variable Included in MeetingRunJava.thtml Usage Required Example The following example checks to see if a login is required. If not, the IVE loads the applet indicated in the appstr variable. <% IF !login_required %> <% appstr FILTER verbatim %> <% END %> Related topics FILTER verbatim on page 49 authenticate() Authenticates a user. Object Type JavaScript function Included in GeneratePin.thtml (ACE/SoftID), LoginPage.thtml (ACE/SoftID), NewPin.thtml (ACE/SoftID), NextToken.thtml (ACE/SoftID) Usage Required Example The following examples illustrate the use of the authenticate() function. From ACE/SoftID LoginPage.thtml. This function checks to see whether or not the user is authenticated. If the user is not authenticated, the function displays an error from the authentication server. Otherwise, it passes the authentication credentials from the auth server to the frmLogin HTML form in LoginPage.thtml: function authenticate() { var rc = -1; authenticate() 39 Juniper Networks Secure Access Administration Guide var time = <% softid_time %> ; var user = document.frmLogin.username.value; var state = 0; if(typeof(document.sdui.sdAuth) == "undefined") { rc = -1; } else { if (error != "") { alert(error); } rc = document.sdui.sdAuth(time, user, state); } if (rc == 1) { document.frmLogin.username.value = document.sdui.getUsername(); document.frmLogin.password.value = document.sdui.getPasscode(); document.frmLogin.submit(); } else { document.cancelForm.submit(); } } From ACE/SoftID GeneratePin.thtml. The following function enables the user to generate a new PIN for signing in to an authentication server: function authenticate() { var min = parseInt(document.minmaxForm.minlen.value); var max = parseInt(document.minmaxForm.maxlen.value); var alp = parseInt(document.minmaxForm.alphanumeric.value); var sys = document.minmaxForm.systempin.value; if(typeof(document.sdui.sdPin) == "undefined") { rc = -1; } else { if (error != "") alert(error); rc = document.sdui.sdPin(min, max, <% secid_pinselectmode %>, alp, sys); } if (rc == 1) { document.frmNewPin.password.value = document.sdui.getPin(); document.frmNewPin.password2.value = document.frmNewPin.password.value; Juniper Networks Secure Access Administration Guide 40 autocomplete document.frmNewPin.secidaction.value = "Save PIN"; document.frmNewPin.secidactionSavePin.value = "Save PIN"; document.frmNewPin.submit(); } else if(rc == 2) { document.frmNewPin.password.value = ""; document.frmNewPin.password2.value= ""; document.frmNewPin.secidactionCancel.value = "Cancel"; document.frmNewPin.submit(); } else { document.cancelForm.submit(); } } Related topics GeneratePin.thtml on page 55 LoginPage.thtml on page 68 autocomplete Prevents the form from auto-filling username or authentication realm field entries using cached values. Object type HTML form element Included in All templates with forms Usage Optional Example <form name="frmLogin" action="login.cgi" method="post" autocomplete="off" onsubmit="return Login()"> Related topics None Cancel.thtml Displays a message to the user informing him that the sign-in request has been cancelled. Object type Template Usage Required Required variables None Example None Related topics Cancel-ppc.thtml on page 41 Cancel-ppc.thtml 41 Juniper Networks Secure Access Administration Guide Cancel-ppc.thtml Pocket PC version of Cancel.thtml on page 40. Object type Template Usage Required Required variables None Example None Related topics Cancel.thtml on page 40 cboxuser Indicates whether or not the attendee is an IVE user. Object Type Template variable Included in LoginMeeting.thtml Usage Required If cboxuser = 1, this user is not signed in as an IVE user, and the page displays a text box labeled "Your Name." If cboxuser = 0, this user is signed in as an IVE user. In this case, the page does not display the text box labeled "Your Name" but instead displays the users sign-in name. Example The following example displays the text box and label in an HTML table. <% IF cboxuser %> <tr><td align="right">Your Name:</td> <td><input type=text name="username" value="<% username %>" maxlength="40" size="20"></td> <% END %> Related topics LoginMeeting.thtml on page 67 ccInAcTimeout Specifies the Cache Cleaner login inactivity in minutes. Object Type Template variable Included in LoginPage.thtml Usage Required Example The following code sets the timeout interval to 60000 milliseconds times the smaller value of ccInAcTimeout or hcInAcTimeout. Juniper Networks Secure Access Administration Guide 42 ccRunning <% IF hcInAcTimeout > ccInAcTimeout %> window.setTimeout("deletepreauth();", 60000 * <% ccInAcTimeout %>); <% ELSE %> window.setTimeout("deletepreauth();", 60000 * <% hcInAcTimeout %>); <% END %> Related topics LoginPage.thtml on page 68 ccRunning Specifies whether or not Cache Cleaner is currently running. Object Type Template variable Included in LoginPage.thtml Usage Required Example The following code sets the timeout interval based on whether Host Checker and Cache Cleaner are both running or only Host Checker. <% IF hcRunning && ccRunning %> <% IF hcInAcTimeout > ccInAcTimeout %> window.setTimeout("deletepreauth();", 60000 * <% ccInAcTimeout %>); <% ELSE %> window.setTimeout("deletepreauth();", 60000 * <% hcInAcTimeout %>); <% END %> <% ELSIF hcRunning %> window.setTimeout("deletepreauth();", 60000 * <% hcInAcTimeout %>); <% END %> Related topics LoginPage.thtml on page 68 cert_md5 Contains the cert-md5 statement (the MD5 fingerprint of the SSL peers certificate) that enables the user to install an applet in a meeting session. Object Type Template variable Included in MeetingAppletInstaller.thtml Usage Required Example This fragment, which is contained in MeetingAppletInstaller.thtml, shows the use of the cert_md5 variable: <% IF install %> <APPLET <% applet_ini FILTER verbatim %> <PARAM NAME="Parameter0" VALUE="meeting_id=<%instanceId%>;user_name=<%username%>; CertificateAuthentication 43 Juniper Networks Secure Access Administration Guide cert_md5=<% cert_md5 %>;ncp_read_timeout=<%ncp_read_timeout%>"> <PARAM NAME="StartSessionReDir" VALUE="<%startSessionReDir%>"> Related topics MeetingAppletInstaller.thtml on page 75 CertificateAuthentication Use this variable if you want to specify that users signing into a certificate realm should not see the username and password fields in the sign-in page. Object type Template variable Included in LoginPage.thtml, LoginPage-ppc.thtml Usage The IVE sets this value to true if the authentication realm is set to a certificate server. If you use this variable, the IVE only displays the sign-in page to users when they encounter one of the errors described in LoginPageErrorCode on page 70. (For information about hiding this page from users authenticated against a eTrust SiteMinder server using client-side certificate authentication, see Login() on page 67.) If you set CertificateAuthentication, the realm is available in RealmList.0. You need to send the realm in the form as a hidden variable. Example The following code tests for AnonymousAuthentication and CertificateAuthentication: <%IF !AnonymousAuthentication && !CertificateAuthentication%> <% FOREACH prompt = prompts %> <%NEXT IF !prompt.required %> <% prompt.promptText %> <input type="<% prompt.type %>" name="<% prompt.name %>" size="20"> <% END %> Related topics AnonymousAuthentication on page 37 RealmList on page 103 changePasswordTitle Argument to display password change title text. Object Type Template variable Included in PasswordChange.thtml, PasswordChange-ppc.thtml Usage Optional Example The following code tests the boolean showChangePasswordTitle and, if true, passes the argument to the page, as is. <%IF showChangePasswordTitle %> <% changePasswordTitle FILTER verbatim %> <%END%> Juniper Networks Secure Access Administration Guide 44 check Related topics showChangePasswordTitle on page 120 check Contains the name of the GIF file that the IVE displays on the MeetingTestResult page. Object Type Template variable Included in MeetingTestResult.thtml Usage Required Example The following code displays the GIF that is referenced in the check template variable: <table cellpadding="2" cellspacing="2" border="0"> <tr valign="top"> <td> <img src="<%home%>/imgs/space.gif" width="15" height="1"> </td> <td> <img src="<%home%>/imgs/<% check %>"> </td> <td width="100%" nowrap> <% message FILTER verbatim %> </td> </tr> </table> Related topics MeetingTestResult.thtml on page 79 checkActiveX() Checks to see if ActiveX is enabled. Object Type JavaScript function Included in MeetingAppletInstaller.thtml, MeetingRun.thtml, MeetingTestMSJava.thtml, MeetingTestJS.thtml, MeetingTestJava.thtml Usage Optional Example The following examples illustrate the verification of ActiveX. From MeetingTestMSJava.thtml: function checkActiveX () { if ( typeof(SecureMeetingApplet) == "undefined") { redirect(); return true; } checkActiveX() 45 Juniper Networks Secure Access Administration Guide setTimeout('redirect()', 5000); return true; } From MeetingRun.thtml: function checkActiveX () { var f = document.meetingrun; if (typeof(f) == "undefined" || typeof(f.button1) == "undefined") return; try { NeoterisSetup.isValid(); f.button1.disabled = false; } catch (e) { ; } } From MeetingTestJS.thtml: function checkActiveX () { var win = <% win32 %>; try { NeoterisSetup.isValid(); document.form1.submit(); return true; } catch (e) { var url = win ? "/dana- na/meeting/<%signin%>meeting_testmsjava.cgi?<%mid_param%>" : "/dana- na/meeting/<%signin%>meeting_testjava.cgi?<%mid_param%>"; document.location.replace(url); } } From MeetingTestJava.thtml: function checkActiveX () { setTimeout('redirect()', 30000); return true; } Related topics MeetingAppletInstaller.thtml on page 75 MeetingRun.thtml on page 76 MeetingTestMSJava.thtml on page 79 MeetingTestJava.thtml on page 78 MeetingTestJS.thtml on page 79 Juniper Networks Secure Access Administration Guide 46 color color Contains the color definition. Object Type Template variable Default value None Included in Cancel-ppc.thtml, Cancel.thtml, Defender-ppc.thtml, Defender.thtml, ExceededConcurrent-ppc.thtml, ExceededConcurrent.thtml, GeneratePin-ppc.thtml, GeneratePin.thtml, GraceLoginUsed-ppc.thtml, GraceLoginUsed.thtml, LoginPage- ppc.thtml, LoginPage.thtml, Logout-ppc.thtml, Logout.thtml, NewPint-ppc.thtml, NewPin.thtml, NextToken-ppc.thtml, NextToken.thtml, PasswordChange-ppc.thtml, PasswordChange.thtml, PasswordExpiration-ppc.thtml, PasswordExpiration.thtml, PleaseWait-ppc.thtml, PleaseWait.thtml, Remediate-ppc.thtml, Remediate.thtml, SM- NewPinSelect-ppc.thtml, SM-NewPintSelect.thtml, SM-NewPinSystem-ppc.thtml, SM- NewPinSystem.thtml, SM-NewUserPin-ppc.thtml, SM-NewUserPin.thtml, SM-NextToken- ppc.thtml, SM-NextToken.thtml, SSL-ppc.thtml, SSL.thtml, SecondaryLoginPage- ppc.thtml, SecondaryLoginpage.thtml, SelectRole-ppc.thtml, SelectRole.thtml, ShowSysemPin-ppc.thtml, ShowSystemPin.thtml Usage Optional Example This example sets the background color of the table cell to the value of color. <td bgcolor="<% color %>"><img border="0" src="welcome.cgi?p=logo" alt="Logo"></td> Related topics None Continue Submits the hidden form when an end-user clicks the Continue button. Object Type JavaScript function Included in Remediate.thtml Usage Optional Example The following code fragment defines the Continue button and passes control to the Continue() JavaScript function. <input name="btnContinue" type="button" value="<% textContinue %>" onClick="Continue()"> Related topics Remediate.thtml on page 105 cval Handles the Radius secure ID challenge value. Defender.thtml 47 Juniper Networks Secure Access Administration Guide Object Type HTML form field Included in Defender.thtml Usage Required Example <INPUT type=hidden name="cval" value="<% secid_challenge %>"> Related topics Defender.thtml on page 47 Defender.thtml Prompts the Radius user to enter his PIN and provides the appropriate challenge values from the server. Object type Template Usage Password Management Required variables secid_challenge on page 109 Example None Related topics Defender-ppc.thtml on page 47 Defender-ppc.thtml Pocket PC version of Defender.thtml on page 47. Object type Template Usage This template prompts the Radius user to enter his PIN and provides the appropriate challenge values from the server. Unlike Defender.thtml, Defender- ppc.thtml does not support the CASQUE server. Required variables secid_challenge on page 109 Example None Related topics Defender.thtml on page 47 delivery_mode Indicates the delivery mode of an applet, whether Java or ActiveX. Object Type Template variable Included in Logout.thtml Usage Required Juniper Networks Secure Access Administration Guide 48 DoUnload() Example The following fragment checks to see if the delivery mode is Java when Cache Cleaner, Host Checker, or Win32 applets are running during a user logout. If Java is the delivery mode, the code indicates that the page should call the stopComponents function when loading. <% IF (pleasewaitObjectCC || pleasewaitObjectHC || pleasewaitWin32) && delivery_mode == 'java'%> onload="javascript:stopComponents()" <%END%> Related topics stopComponents() on page 132 DoUnload() Forces the IVE to cancel the current mode. Object Type JavaScript function Included in GeneratePin-ppc.thtml, GeneratePin.thtml, NewPin-ppc.thtml, NewPin.thtml, NextToken- ppc.thtml, NextToken.ppc Usage Required. You must include this function in the header of NewPin.thtml and call it from the body. Example The following code shows how the DoUnload() function appears in the NewPin.thtml template. The code serves a similar purpose in other templates, as well. function DoUnload() { if (gCancelNewPinMode) { window.open("secid_cancelpin.cgi", "newpincancel", "resizable=1,height=250,width=200,status=0"); } } Related topics NewPin.thtml on page 87 NextToken.thtml on page 88 ExceededConcurrent.thtml Displays a performance warning to the user when too many concurrent users are signed into the IVE. Object type Template Usage Required. You must always include this template in your zip file. This is a standard IVE page that displays a performance warning to the user when too many concurrent users are signed into the IVE. This template does not contain any JavaScript or forms. It does contain an optional link to starter.cgi, however, that allows users to sign into the IVE as well as error message variables. For more information, see comments in the template. ExceededConcurrent-ppc.thtml 49 Juniper Networks Secure Access Administration Guide Required variables None Example None Related topics ExceededConcurrent-ppc.thtml on page 49 ExceededConcurrent-ppc.thtml Pocket PC version of ExceededConcurrent.thtml on page 48. Displays a performance warning to the user when too many concurrent users are signed into the IVE. Object type Template Usage Required Required variables None Example None Related topics ExceededConcurrent.thtml on page 48 expired Boolean indicating whether or not a meeting session has expired. Object Type Template variable Included in MeetingRun.thtml Usage Required Example The following code checks to see if ActiveX is enabled and that the session is not expired. If both conditions are true, the meeting is initialized. <% IF type == "activex" && !expired %> <% meeting_ini FILTER verbatim %> <% END %> Related topics MeetingRun.thtml on page 76 FILTER verbatim Indicates that the page should process the preceding variable raw, without performing any parsing or other actions on the variable contents. Object Type Template directive Included in LoginMeeting.thtml, MeetingAppletInstaller.thtml, MeetingRun.thtml, MeetingRunJava.thtml, MeetingTestJava.thtml, MeetingTestJS.thtml, MeetingTestMSJava.thtml, MeetingTestResult.thtml, MeetingTrouble.thtml Juniper Networks Secure Access Administration Guide 50 FinishLoad() Usage Optional. Most often used when loading applets or ActiveX controls, which do not need to be processed by the Template Toolkit utilities in any way, but which should be passed through to the page as is. Can also be used to pass text to the page, unfiltered. Example The following code displays a label in a meeting page and loads the teleconference information contained in the template variable, regardless of its content or format: <span class="cssSmall"><b>Teleconference:</b></span> <span class="cssSmall"><% teleconference_info FILTER verbatim %></span> Related topics activex_ini on page 36 applet_ini on page 37 appstr on page 38 FinishLoad() Use this function if you want to allow users to select from multiple realms in the sign-in page. Object type JavaScript function Included in GeneratePin.thtml, GeneratePin-ppc.thtml, LoginPage.thtml, LoginPage-ppc.thtml, NewPin.thtml, NewPin-ppc.thtml, NextToken.thtml, NextToken-ppc.thtml, ShowSystemPin.thtml, ShowSystemPin-ppc.thtml, Defender.thtml, Defender-ppc.thtml, SecondaryLoginPage.thtml, SecondaryLoginPage-ppc.thtml, SM-NewPinSelect.thtml, SM-NewPinSelect-ppc.thtml, SM-NewPinSystem.thtml, SM-NewPinSystem-ppc.thtml, SM-NewUserPin.thtml, SM-NewUserPin-ppc.thtml, SM-NextToken.thtml, SM-NextToken- ppc.thtml. Usage Optional. If you are authenticating users through a eTrust SiteMinder server using client-side certificate authentication, you may want to hide the standard IVE sign-in page from users. If you are authenticating users through an anonymous authentication server or certificate authentication server and want to bypass the standard IVE sign-in page, see AnonymousAuthentication on page 37 or CertificateAuthentication on page 43. Example To post data to the IVE without prompting users for any credentials, you may use the following modified version of the FinishLoad() function. Note that this function only bypasses the sign-in page if no errors occur while loading the page: function FinishLoad() { recallLastRealmUsed(); <% IF !LoginPageErrorCode %> Login(); document.frmLogin.submit(); <% END %> } Related topics GeneratePin.thtml on page 55 LoginPage.thtml on page 68 focus 51 Juniper Networks Secure Access Administration Guide SM-NewPinSelect.thtml on page 124 SM-NewPinSystem.thtml on page 124 SM-NewUserPin.thtml on page 125 SM-NextToken.thtml on page 126 focus Sets the focus on given component on a form. Object Type Template variable Included in Cancel-ppc.thtml, Cancel.thtml, LoginPage-ppc.thtml, LoginPage.thtml, NewPin- ppc.thtml, NewPin.thtml, LoginMeeting.thtml, NextToken-ppc.thtml, NextToken.thtml, MeetingRun.thtml, Defender-ppc.thtml, Defender.thtml, SecondaryLoginPage-ppc.thtml, SecondaryLoginPage.thtml, SM-PinSelect-ppc.thtml, SM-PinSelect.thtml, SM- NewPinSystem-ppc.thtml, SM-NewPinSystem.thtml, SM-NewUserPin-ppc.thtml, SM- NewUserPin.thtml, SM-NextToken-ppc.thtml, SM-NextToken.thtml Usage Required Example The following code sets the focus (by way of a JavaScript function also called focus() ) to the form object indicated by the template variable focus: function onLoad() { grab(); document.frmLogin.<% focus %>.focus(); } Related topics None FriendlyTime Argument in number of seconds. Object Type Template variable Included in PasswordChange-ppc.thtml, PasswordChange.thtml, PasswordExpiration-ppc.thtml, PasswordExpiration.thtml Usage Argument for error code 2004, Password Too New. Example None Related topics PageErrorArgs on page 90 PageErrorCode on page 91 Juniper Networks Secure Access Administration Guide 52 frmCasque frmCasque HTML form that enables an end-user to initiate the CASQUE RADIUS server. Object Type HTML form Included in Defender.thtml Usage Required Example The following code illustrates the use of the frmCasque form. If the plug-in type is the CASQUE RADIUS server plug-in, then the page loads the form: <% IF plugintype == 'CASQUE' %> <form name="frmCasque" method="POST" autocomplete=off> <INPUT type=hidden name="cval" value="<% secid_challenge %>"> <INPUT type=hidden name="p" value="casqueapp"> <a href="#" onClick="submitFrmCasque(); return false;"> LAUNCH CASQUE PLAYER </form> Related topics submitFrmCasque() on page 133 frmLogin HTML form that enables the template page to trigger a call to the Login() function and begins the sign in process for a user. Object Type HTML Form Included in LoginPage.thtml, LoginMeeting.thtml Usage Required Example The following code is the form definition statement: <form name="frmLogin" action="login.cgi" method="post" autocomplete="off" onsubmit="return Login()"> Related topics autocomplete on page 40 frmNextToken Next Token HTML form. Object Type HTML Form Included in NextToken.thtml, NextToken-ppc.thtml, SM-NextToken.thtml, SM-NextToken-ppc.thtml Usage Required frmSelectRoles 53 Juniper Networks Secure Access Administration Guide Example The following code illustrates the suggested form definition: <FORM name="frmNextToken" action="login.cgi" method="POST" autocomplete=off onsubmit="return SubmitClicked();"> Related topics NextToken.thtml on page 88 frmSelectRoles Select Roles HTML form Object Type HTML Form Included in SelectRole-ppc.thtml, SelectRole.thtml Usage Required Example The following code illustrates the suggested form definition: <FORM name="frmSelectRoles" autocomplete=off> Related topics SelectRole.thtml on page 114 g_time The time when the browser first loads the page. Object Type JavaScript variable Included in PleaseWait.thtml, PleaseWait-ppc.thtml Usage Optional Example None Related topics PleaseWait.thtml on page 97 gCancelNewPinMode Prevents the IVE from cancelling Generate PIN mode while the user is trying to save a PIN or generate a new one. Object Type JavaScript variable/flag Included in GeneratePin-ppc.thtml, GeneratePin.thtml, NewPin-ppc.thtml, NewPin.thtml Juniper Networks Secure Access Administration Guide 54 gCancelNextTokenMode Usage Required. You must include this flag in the header of GeneratePin.thtml. Works together with the JavaScript DoUnload() and SubmitClicked() functions to call the appropriate CGI on the IVE if the user chooses to close the browser window without cancelling his session first. If you do not include this code, the user may be locked out of the IVE when he closes his browser. In addition to including this JavaScript in your header, you must also call the functionDoUnload() function from the body of GeneratePin.thtml. Example You include the following code in the header of the NewPin.thtml template. This function saves or cancels a PIN per the users request. Note that in this example, the gCancelNewPinMode is set to false though it was initialized to true when the page loaded. // Save / Cancel a PIN function SubmitClicked() { gCancelNewPinMode = false; return true; } Related topics SubmitClicked() on page 132 gCancelNextTokenMode Prevents the IVE from cancelling Next Token mode while the user is trying to enter his token. Object Type JavaScript function Included in NextToken-ppc.thtml, NextToken.thtml Usage Required. The header in NextToken.thtml contains two required JavaScript functions, DoUnload() and SubmitClicked(), as well as the gCancelNextTokenMode flag. These work together to call the appropriate CGI on the IVE if the user chooses to close the browser window without cancelling his session first. If you do not include this code, the user may be locked out of the IVE when he closes his browser. In addition to including this JavaScript in your header, you must also call the DoUnload() function from the body of NextToken.thtml. Example You must include this flag in the header of NextToken.thtml: var gCancelNextTokenMode = true; Related topics NextToken.thtml on page 88 geckoBrowser Boolean set to 1 if the browser is gecko-based (Firefox). Object Type Template variable Included in Logout.thtml, PleaseWait.thtml GeneratePin.thtml 55 Juniper Networks Secure Access Administration Guide Usage Required Example The following code checks to see if the browser is Firefox, If yes, then the page loads the proxy form in an iFrame (inline frame). <% IF geckoBrowser %> <IFRAME ID="proxy_frm" src="/dana-na/help/blank.html" WIDTH=0 HEIGHT=0 FRAMEBORDER=0 SCROLLING=NO></IFRAME> <% END %> Related topics safari on page 108 GeneratePin.thtml Enables the user to create a system-generated PIN. Object type Template Usage Required Required variables None Example When configuring the secid_pinselectmode variable (which sets the users PIN select mode), note that possible values include: Related topics GeneratePin-ppc.thtml on page 55 GeneratePin-ppc.thtml Pocket PC version of GeneratePin.thtml on page 55. The templates are identical, except for name. Object type Template Usage Required Required variables None Example None Related topics GeneratePin.thtml on page 55 Table 4: PIN usage indicators Mode Description 0 User must use the system-generated PIN. He cannot enter his own PIN. 1 User may enter his own PIN or use the system-generated PIN. 2 User must enter his own PIN. He cannot use the system-generated PIN. Juniper Networks Secure Access Administration Guide 56 GetCookieValue() GetCookieValue() Generic helper function that retrieves a value from a cookie, creates a string the length of the value, and populates the string with the value. Object type JavaScript function Included in LoginPage.thtml, LoginPage-ppc.thtml, PleaseWait.thtml, PleaseWait-ppc.thtml Usage Use this function if you want to allow users to select from multiple realms in the sign-in page. sNameCookie name. Example The function definition follows: function GetCookieValue(sName) { var s = document.cookie; sName += "="; // where nv pair starts var nStart = s.indexOf(sName); if (nStart == -1) return ""; else nStart += sName.length; // if more values, clip, otherwise just get rest of string var nEnd = document.cookie.indexOf(";", nStart); if (nEnd == -1) s = unescape(s.substring(nStart)); else s = unescape(s.substring(nStart, nEnd)); return s; } Related topics LoginPage.thtml on page 68 PleaseWait.thtml on page 97 grab() Checks for browser type and grabs a cookie when a user tries to sign in to a meeting. Object Type JavaScript function Included in LoginMeeting.thtml Usage Required GraceLoginsRemaining 57 Juniper Networks Secure Access Administration Guide Example The following code shows the grab() function: function grab() { var f = document.frmLogin; <% IF ie %> try { var result = NeoterisSetup.isValid(); f.activex_enabled.value = 1; if (result == 1) f.power_user.value = 1; } catch (e) { f.activex_enabled.value = 0; } <% END %> f.java_enabled.value = navigator ? (navigator.javaEnabled() ? 1 : 0) : 0; } if (document.cookie.indexOf("DSMTCookie") < 0) { alert("You must enable cookies through your Web browser in order to sign into the meeting."); } Related topics LoginMeeting.thtml on page 67 GraceLoginsRemaining Number of remaining grace logins. Object Type Template variable Included in GraceLoginUsed.thtml, GraceLoginUsed-ppc.thtml Usage Optional. Argument for error code 2016. Example The following code shows an example of how to display a message for the number of grace logins available to the user: <% IF LoginPageErrorCode == 2016 %> You have <% LoginPageErrorArgs.GraceLoginsRemaining %> grace logins. <% END %> Related topics GraceLoginUsed.thtml on page 57 GraceLoginUsed-ppc.thtml on page 58 PageErrorArgs on page 90 PageErrorCode on page 91 GraceLoginUsed.thtml Tells the user how many more times he can sign in using his current username and password. Juniper Networks Secure Access Administration Guide 58 GraceLoginUsed-ppc.thtml Object type Template Usage Required Required variables startPageLink on page 131 Example None Related topics GraceLoginUsed-ppc.thtml on page 58 GraceLoginUsed-ppc.thtml Pocket PC version of GraceLoginUsed.thtml on page 57. Object type Template Usage Same functionality as in GraceLoginUsed.thtml. Required variables startPageLink on page 131 Example None. Related topics GraceLoginUsed.thtml on page 57 HC_REMED_POLICIES_CHECK Default text to suggest that policies are being evaluated. Object Type Template variable Included in Remediate.thtml Usage Optional Example The following code checks to see if the page is loading. If yes, then the page displays several messages, including the default text to suggest that the IVE is evaluating policies: <% IF showLoading %> <% loading %> <% pleasewait %> <% HC_REMED_POLICIES_CHECK %> <% END %> Related topics HC_REMED_SHOW_ADV_PREFS on page 58 Remediate.thtml on page 105 HC_REMED_SHOW_ADV_PREFS Default text instructing how to re-enable remediation. hcInAcTimeout 59 Juniper Networks Secure Access Administration Guide Object Type Template variable Included in Remediate.thtml Usage Optional Example The following code illustrates how to call the variable to display instructions to re- enable remediation: <% IF showRemedOption %> <input name="btnHideRemed" type="button" value="<% textRemedOption %>" onClick="HideRemed(); <% disabled %>"> <% HC_REMED_SHOW_ADV_PREFS %> <% END %> Related topics HC_REMED_SHOW_ADV_PREFS on page 58 Remediate.thtml on page 105 hcInAcTimeout Specifies the Host Checker login inactivity in minutes. Object Type Template variable Included in LoginPage.thtml Usage Required Example The following code sets the timeout interval to 60000 milliseconds times the smaller value of ccInAcTimeout or hcInAcTimeout. <% IF hcInAcTimeout > ccInAcTimeout %> window.setTimeout("deletepreauth();", 60000 * <% ccInAcTimeout %>); <% ELSE %> window.setTimeout("deletepreauth();", 60000 * <% hcInAcTimeout %>); <% END %> Related topics LoginPage.thtml on page 68 hcRunning Specifies whether or not Host Checker is currently running. Object Type Template variable Included in LoginPage.thtml Usage Required Example The following code sets the timeout interval based on whether Host Checker and Cache Cleaner are both running or only Host Checker. Juniper Networks Secure Access Administration Guide 60 heading <% IF hcRunning && ccRunning %> <% IF hcInAcTimeout > ccInAcTimeout %> window.setTimeout("deletepreauth();", 60000 * <% ccInAcTimeout %>); <% ELSE %> window.setTimeout("deletepreauth();", 60000 * <% hcInAcTimeout %>); <% END %> <% ELSIF hcRunning %> window.setTimeout("deletepreauth();", 60000 * <% hcInAcTimeout %>); <% END %> Related topics LoginPage.thtml on page 68 heading Contains default text for the different remediation headings. Object Type Template variable Included in Remediate.thtml, Remediate-ppc.thtml Usage Required Example The following code shows a heading and a message if the showHeading variable is true: <% IF showHeading %> <% heading %> <% msg FILTER verbatim %> <% END %> Related topics showHeading on page 121 help String to use as the button name. Object Type Template variable Default value Help Included in LoginPage.thtml, SecondaryLoginPage.thtml Usage Optional Example The string Help (the default value of the help variable) is displayed on the button. <input type='submit' name='help' value="<% help %>" Related topics Adding custom help files on page 4 help_on 61 Juniper Networks Secure Access Administration Guide help_on Flag that determines whether the help button should be displayed. Object Type Template variable Default value 0 (integer) Included in Loginpage.thtml, SecondaryLoginPage.thtml Usage Optional Example The following code displays a help button if the help_on variable is true. <% IF help_on %> <input type='submit' name='help' value="<% help %>" onclick='window.open("welcome.cgi?p=help", "wndHelp", "height=400,width=500,resizeable=yes,scrollbars=yes"); return false;'> Related topics Adding custom help files on page 4 HideRemed( ) Submits the hidden form when the end-user clicks the Hide Remediation button. Object Type JavaScript function Included in Remediate.thtml, Remediate-ppc.thtml Usage Required Example The following code calls the HideRemed() function: <% IF showRemedOption %> <input name="btnHideRemed" type="button" value="<% textRemedOption %>" onClick="HideRemed(); <% disabled %>"> <% HC_REMED_SHOW_ADV_PREFS %> <% END %> Related topics Remediate.thtml on page 105 Home References the top-level directory in the zip file. Object type Template variable Included in All templates Juniper Networks Secure Access Administration Guide 62 ie Usage You can use this variable or the double-dot (..) convention to reference the top-level directory. Example Both of the following references are valid: <% Home %>/images/logo.gif ../images/logo.gif Related topics Using the Template Toolkit on page 4 ie Boolean variable that indicates whether or not the browser is the Microsoft Internet Explorer. Object Type Template variable Included in LoginMeeting.thtml Usage Required Example The following example checks to see if the browser is Internet Explorer, and if it is, enables ActiveX. <% IF ie %> <OBJECT <% activex_ini FILTER verbatim%> </OBJECT> <% END %> Related topics ie_winxp on page 62 ie_winxp Boolean indicating if the browser is Internet Explorer and the OS is Windows XP. Object Type Template variable Included in PleaseWait.thtml Usage Optional. The variable value is 1 if the browser is Internet Explorer and the OS is Windows XP. Example <% IF ie_winxp %> Related topics PleaseWait.thtml on page 97 install Boolean indicating whether or not the meeting applet should be installed. instanceId 63 Juniper Networks Secure Access Administration Guide Object Type Template variable Included in MeetingAppletInstaller.thtml, MeetingRun.thtml Usage Required Example <% IF install %> Related topics MeetingAppletInstaller.thtml on page 75 MeetingRun.thtml on page 76 instanceId Contains the ID of the current meeting instance. Object Type Template variable Included in MeetingAppletInstaller.thtml Usage Required Example <PARAM NAME="Parameter0" VALUE="meeting_id=<% instanceId %>; user_name=<%username%>;cert_md5=<%cert_md5%>; ncp_read_timeout=<%ncp_read_timeout%>"> Related topics MeetingAppletInstaller.thtml on page 75 instructions Instructional text displayed to the user on the login page. Object Type Template variable Default Value Please sign in to begin your secure session Included in LoginPage.thtml Usage Optional Example <% instructions FILTER verbatim %> Related topics None isLinux Boolean indicating whether or not the end-users operating system is a Linux system. Object Type Template variable Juniper Networks Secure Access Administration Guide 64 isSAMEnabled Included in PleaseWait.thtml Usage Optional Example <% isLinux %> Related topics PleaseWait.thtml on page 97 isSAMEnabled Boolean indicating whether or not JSAM application is enabled and running. Object Type Template variable Included in Logout.thtml Usage Optional. Allows the end-user to close the JSAM window. Example The following code checks to see if JSAM is enabled and running. If it is, then the system uses the JavaScript below to close the JSAM window: <% IF isSAMEnabled %> <!-- terminate JSAM --> <SCRIPT LANGUAGE="JavaScript"> var win = "<%user%>"; win = win.replace(/[^0-9a-zA-Z]/g,"a"); w = window.open("", win ,"height=1,width=1"); if (w) { w.bSessionClose = true; w.close(); } </SCRIPT> <% END %> Related topics Logout.thtml on page 73 keyboard.js Enables keyboard types of functions for a mouseless environment. Object type JavaScript file Included in LoginPage.thtml (Kiosk) Usage Required in Kiosk zip. This template displays an error if the user signs out, if the users session times out, or if the IVE uninstalls Host Checker or Cache Cleaner from the users system. For more detailed information, see Logout.thtml on page 73. You must always include this template in your Kiosk.zip file. Example None Related topics LoginPage.thtml on page 68 labelInstructions 65 Juniper Networks Secure Access Administration Guide labelInstructions Instructions tag, indicating a location for instructions to appear on the page. Object Type Template variable Included in Remediate.thtml, Remediate-ppc.thtml Usage Optional Example The following code loops through a list of failed policies, displays each policy name and remediation instructions: <% FOREACH failedPolicy = listFailedPolicies %> <% loop.count %> <% failedPolicy.name %> <% labelInstructions %> <% failedPolicy.remediation FILTER verbatim%> <% END %> Related topics Remediate.thtml on page 105 listFailedPolicies Template Toolkit hash value of failed policies (keys: name and remediation). Object Type Template variable Included in Remediate.thtml, Remediate-ppc.thtml Usage Required Example The following example checks to see if the page should show failed policies and, if so, loops through the list of failed policies (the hash list listFailedPolicies) and displays the name of each policy along with label instructions and remediation instructions: <% IF showPolicies %> <% FOREACH failedPolicy = listFailedPolicies %> <% loop.count %> <% failedPolicy.name %> <% labelInstructions %>: <% failedPolicy.remediation FILTER verbatim%> <% END %> Related topics Remediate.thtml on page 105 loading Contains default text to be printed when ActiveX/applet is loading. Juniper Networks Secure Access Administration Guide 66 locale Object Type Template variable Included in Remediate.thtml, Remediate-ppc.thtml Usage Optional Example The following code tests to see if the page is still loading and displays messages to the end-user: <% IF showLoading %> <% loading %> <% pleasewait %> Related topics Remediate.thtml on page 105 locale Returns a locale that applies to an applet the page is attempting to upload. Object Type Template variable Included in Logout.thtml, MeetingAppletInstaller.thtml, MeetingTrouble.thtml Usage Required Example The following code sets the HTML form locale based on the template variable: <PARAM NAME="locale" VALUE="<% locale %>"> Related topics safari on page 108 loginmode Passes the users mode to the server using a hidden value. Object Type HTML form field Included in GeneratePin.thtml, GeneratePin-ppc.thtml, NewPin.thtml, NewPin-ppc.thtml, NextToken.thtml, NextToken-ppc.thtml, Defender.thtml, Defender-ppc.thtml, SM- NewPinSelect.thtml, SM-NewPinSelect-ppc.thtml, SM-NewPinSystem.thtml, SM- NewPinSystem-ppc.thtml, SM-NewUserPin.thtml, SM-NewUserPin-ppc.thtml, SM- NextToken.thtml, SM-NextToken-ppc.thtml Usage Required. Typically names a template directive that returns the users login mode from a server. Example The following code assigns the secure ID loginmode to the form field: <INPUT type=hidden name="loginmode" value="<% secid_loginmode %>"> Related topics secid_loginmode on page 110 Login() 67 Juniper Networks Secure Access Administration Guide Login() Verifies that realms exist, remembers currently selected authentication realms, and establishes the users time zone. Object type JavaScript function Included in LoginPage.thtml, LoginPage-ppc.thtml Usage Required. This function includes two actions: Remember the selected authentication realmUse this action within the function if you want to allow users to select from multiple realms in the sign-in page. Establish the users time zoneRequired. The function uses the tz_offset (time zone offset) variable and getTimezoneOffset() function to determine the users time zone. Example function Login() { // Remember currently selected auth realm if (document.frmLogin.realm != null && document.frmLogin.realm.type == "select-one") { SetLastRealm( document.frmLogin.realm.options [document.frmLogin.realm.selectedIndex].text); } if (document.frmLogin.tz_offset != null) { var wdate = new Date (95, 12, 1); var sdate = new Date (95, 6, 1); var winter = (-1) * wdate.getTimezoneOffset(); var summer = (-1) * sdate.getTimezoneOffset(); document.frmLogin.tz_offset.value = winter < summer ? winter : summer; } return true; } Related topics LoginPage.thtml on page 68 LoginMeeting.thtml Displays the user credentials form to enable a user to sign in to a meeting. Object Type Template file Usage Required in the uploaded Meeting.zip. This template provides a page on which the end-user can enter credentials to gain access to a meeting. The form action must specify login_meeting.cgi. The template includes the JavaScript function grab(), which checks to see which type of browser the user is running, and if ActiveX, Java, and cookies are enabled, depending on the browser type. Juniper Networks Secure Access Administration Guide 68 LoginPage.thtml You can modify the alert contained in the required JavaScript. The alert is: alert("You must enable cookies through your Web browser in order to sign into the meeting."); Required variables activex_ini on page 36 cboxuser on page 41 focus on page 51 Home on page 61 ie on page 62 mid on page 81 mid_param on page 81 occurrence on page 89 username on page 140 Example None Related topics grab() on page 56 LoginPage.thtml Calls the RSA Soft ID client, enabling the user to sign into the IVE using Soft ID authentication. Object type Template Usage Required. You must always include this template in your zip file. You must always include LoginPage.thtml in your zip file, even if you are using an authentication server that does not require a username or password. This is the standard IVE sign- in page that collects the users name, password, and authentication realm, and displays an error if authentication fails. For information about hiding this page from users authenticated against a(n): Anonymous server, see AnonymousAuthentication on page 37 Certificate server, see CertificateAuthentication on page 43 eTrust SiteMinder server using client-side certificate authentication, see Login() on page 67 LoginPage.thtml contains the following suggested form definition. In this form definition, most elements are required: <form name="frmLogin" action="login.cgi" method="post" autocomplete="off" onsubmit="return Login()"> LoginPage-ppc.thtml 69 Juniper Networks Secure Access Administration Guide Required variables LoginPageErrorMessage on page 72 Example None Related topics Login() on page 67 LoginPage-ppc.thtml on page 69 LoginPage-ppc.thtml Calls the RSA Soft ID client, enabling the user to sign into the IVE using Soft ID authentication. Pocket PC version of LoginPage.thtml on page 68. Object type Template Usage Required. Unlike LoginPage.thtml, however, the Pocket PC version of this template excludes the Account Disabled verification. If you are customizing any sign-in pages for the Pocket PC, you must always include LoginPage-ppc.thtml in your zip file, even if you are using an authentication server that does not require a username or password. This is the standard IVE sign-in page that collects the users name, password, and authentication realm, and displays an error if authentication fails. For information about hiding this page from users authenticated against a(n): Anonymous server, see AnonymousAuthentication on page 37 Certificate server, see CertificateAuthentication on page 43 eTrust SiteMinder server using client-side certificate authentication, see Login() on page 67. Required variables LoginPageErrorMessage on page 72 Example None Related topics LoginPage.thtml on page 68 LoginPageErrorArgs Contains the arguments for an error or message. Object Type Template variable Included in GraceLoginUsed.thtml, GraceLoginUsed-ppc.thtml, PasswordExpiration.thtml, PasswordExpiration-ppc.thtml Usage Optional Example In the following example, GraceLoginsRemaining is the argument to error code 2016. The directive that contains LoginPageErrorArgs.GraceLoginsRemaining returns the number of remaining login attempts the IVE allows a user. <% IF LoginPageErrorCode == 2016 %> Your password has expired. A grace login was used. Juniper Networks Secure Access Administration Guide 70 LoginPageErrorCode You have <% LoginPageErrorArgs.GraceLoginsRemaining %> grace logins remaining. <% ELSE %> <% LoginPageErrorMessage %> <% END %> Related topics LoginPageErrorCode on page 70 LoginPageErrorCode Codes indicating errors that you can display to users. Object type Template variable Included in ExceededConcurrent.thtml, GraceLoginUsed-ppc.thtml, GraceLoginUsed.thtml, LoginPage.thtml, PasswordExpiration-ppc.thtml, PasswordExpiration.thtml, SSL.thtml Usage Optional. Although this template variable is optional, you should leave intact the template variables that are already included in the various templates. You can modify many of the error messages, but you must leave the codes as defined. The IVE returns these codes on various conditions. Some may be no more than confirmation messages. Others are conditions to which the user needs to respond. Example The following example shows how you can use the Template Toolkit conditional statements to define two alternate error conditions. In this example, the different error codes display appropriate HTML pages. If the IVE does not return either of the error codes, the user never sees the two error pages. <head> <% IF LoginPageErrorCode == 1021%> <meta http-equiv=refresh content=0;url=AcctDisabledError.html> LoginPageErrorCode 71 Juniper Networks Secure Access Administration Guide Table 5 lists possible errors that the user may see on this page as well as the corresponding text returned by the LoginPageErrorMessage variable: Table 5: Login error messages, codes, and related notes Error message Error Code Comments Invalid Username or Password 1002 Wrong user credentials. This login requires a digital certificate. 1003 Client certificate not passed for authentication. The digital certificate is invalid. 1004 Only admins are permitted to login. 1006 Logins are not permitted from this IP address. 1007 The source IP failed the IP Restriction check. Logins are not permitted using this browser 1008 The User Agent header failed the User Agent Restriction check. There are no auth servers defined for this user. 1009 Displayed if a realm is not sent to the IVE. This error is only displayed if a coding error exists in LoginPage.thtml. Exceeded the number of concurrent users. 1010 Exceeded the number of concurrent users based on the user license plus a 10% allowance. The IP has been blocked due too many concurrent sign-in attempts. 1011 The password is too short. 1012 The password failed the Password Restriction check. When using eTrust auto-signon, the end-user should never see this event. Not using SSLv3 1015 This site requires Secure Sockets Layer (SSL) protocol version 3. This site requires Strong ciphers. 1016 Too many users have logged in 1017 The number of concurrent users signed in to the system has exceeded the system limit but is still within the 10% allowance. Sign on for administrators is disabled. You can try again in a few minutes. 1018 Displayed when a super administrator is signed in and the IVE is in recovery mode. Your New PIN has been saved. Please make sure to remember it. 1019 Only used with ACE authentication. Password Change Success 1020 Used with the password management feature. Account Disabled 1021 Used with the password management feature. Account Locked Out 1022 Used with the password management feature. Account Expired 1023 Used with the password management feature. Juniper Networks Secure Access Administration Guide 72 LoginPageErrorMessage Related topics LoginPageErrorMessage on page 72 LoginPageErrorMessage IVE error message text that you can display to users. Object type Template variable Included in ExceededConcurrent-ppc.thtml, ExceededConcurrent.thtml, GraceLoginUsed-ppc.thtml, GraceLoginUsed.thtml, LoginPage-ppc.thtml, LoginPage.thtml, Logout-ppc.thtml, Logout.thtml, PleaseWait.thtml, PasswordExpiration-ppc.thtml, PasswordExpiration.thtml, SSL-ppc.thtml, SSL.thtmlUsage IVE session has been terminated. 1024 End-user explicitly logged off. You do not have permission to login. 1025 This event can be triggered when the client machine does not pass any realm restrictions (hence, no realm), or does not satisfy any end-point security policies (HC/CC). This realm has reached the max session limit. 1027 Exceeded maximum number of users for this authentication realm. Unlicensed Feature 1028 License required to use this access method is missing. Access denied. Please try signing in again using a host name (for example, https://department.yourcompany) instead of an IP address (such as http://10.11.12.13) 1029 Only used with eTrust SiteMinder authentication. You do not have the correct privileges to access the system. Please contact your administrator for more information. 1030 The end-user is not allowed to sign in because the role mapping rules of the authentication realm do not map the end-user to any role. Certificate has been revoked. 1032 The client certificate has been revoked. Cannot determine the status of your certificate. 1033 The IVE encountered a failure while performing an OCSP check. You must use your source site's Intersite Transfer Service to access this resource. 1034 The IVE cannot access any SAML assertion while performing SAML SSO. The user is prompted to access the source site's Intersite Transfer Service to continue. The number of concurrent Advanced Endpoint Defense (Malware Protection) users signed into the system has exceeded the system limit. 1035 This event will be triggered only when the feature is turned ON. The system limit is built-in 25 user license plus any purchased Advanced Endpoint Defense user license. Table 5: Login error messages, codes, and related notes (Continued) Error message Error Code Comments login_required 73 Juniper Networks Secure Access Administration Guide Required. This text corresponds with a code returned by LoginPageErrorCode. Note that you cannot change this text on the IVE, but you can include code in your template to display different text based on the error code returned by the LoginPageErrorCode variable. You can also use the variable in a directive to display an error message in a particular location or based on a given event. Example The following code prompts the user to re-enter credentials or to sign in at another time. Note that the messages can be whatever you want them to be: <% IF LoginPageErrorCode == 1002 %> <b> Your username or password is incorrect. Please reenter your credentials. </b> <%ELSIF LoginPageErrorCode == 1006 %> <b> The system is undergoing maintenance. Only administrators are allowed to sign in at this time.</b> <% END %> The following code tests the pleasewait condition and, if true, displays the Login page error message that occurs as a result: if (document.getElementById('pleasewait1')) { document.getElementById('pleasewait1').innerHTML = "<% LoginPageErrorMessage FILTER verbatim%>"; } Related topics LoginPageErrorCode on page 70 login_required Boolean indicating whether or not login to the meeting session is required. Object Type Template variable Included in MeetingRunJava.thtml Usage Required Example The following example checks to see if login is required. If yes, then the page redirects the user back to the meeting sign-in page: <% IF login_required %> redirectParent(); <% END %> Related topics MeetingRunJava.thtml on page 77 Logout.thtml Displays an error if the user signs out, if the users session times out, or if the IVE uninstalls Host Checker or Cache Cleaner from the users system. Object type Template Juniper Networks Secure Access Administration Guide 74 Logout.thtml Usage Required. You must always include Logout.thtml in your zip file. This template contains JavaScript for detecting, stopping, installing, and uninstalling the Host Checker and Cache Cleaner components, images and text to display to users while the IVE performs these actions, and JavaScript that closes and opens the J-SAM window. This template also includes variables telling users to wait while components install, a link that users can use to sign back into the IVE, and error message variables. When configuring the LoginPageErrorMessage variable included in this template, note that the text that the IVE displays to users corresponds with a code returned by LoginPageErrorCode. You cannot change this text on the IVE, but you can include code in your template to display different text based on the error code returned by the LoginPageErrorCode variable. For example: <% IF LoginPageErrorCode == 1001 %> <b> Your secure gateway session has ended due to inactivity.</b> <% END %> Described below are the possible errors that the LoginPageErrorCode may return as well as the corresponding text returned by the LoginPageErrorMessage variable: For detailed information about the JavaScript and variables described here, see comments in the template. Required variables delivery_mode on page 47 geckoBrowser on page 54 locale on page 66 LoginPageErrorMessage on page 72 nc_logging on page 83 Netscape4xx on page 87 pleasewaitLogoutJSCode on page 99 PleaseWaitObjectCC on page 99 pleasewaitWin32 on page 100 safari on page 108 Setupappversion on page 118 Table 6: Additional login error messages and codes Error Message Error Code Maximum Session Timeout Reached. 1000 Idle Time Out. 1001 Logout-ppc.thtml 75 Juniper Networks Secure Access Administration Guide UninstallCC on page 139 Example None Related topics Logout-ppc.thtml on page 75 Logout-ppc.thtml Displays a message when the user signs out. Pocket PC version of Logout.thtml on page 73. Object type Template Usage This version of the logout template does not include any of the authentication and application checks that Logout.thtml performs. When you visually compare the two files, you can see that the Pocket PC version excludes all of the JavaScript functions for checking application status. Required variables delivery_mode on page 47 geckoBrowser on page 54 locale on page 66 LoginPageErrorMessage on page 72 nc_logging on page 83 Netscape4xx on page 87 pleasewaitLogoutJSCode on page 99 PleaseWaitObjectCC on page 99 pleasewaitWin32 on page 100 safari on page 108 Setupappversion on page 118 UninstallCC on page 139 Example None Related topics Logout.thtml on page 73 MeetingAppletInstaller.thtml Enables IVE to display list of and install meeting-related applets. Object type Template Juniper Networks Secure Access Administration Guide 76 MeetingRun.thtml Usage Required. The page displays troubleshooting messages if the applets do not install. You cannot change the text, as the IVE generates the troubleshooting messages. You can, however, add links if you want to provide additional meeting-related applets to your users. These applets are not covered by the certificate validation the IVE performs on Juniper-supplied applets. Required variables applet_ini on page 37 cert_md5 on page 42 install on page 62 instanceId on page 63 locale on page 66 ncp_read_timeout on page 83 username on page 140 startSessionReDir on page 131 text troubleshooting on page 136 uninstallReDir Example None Related topics MeetingRun.thtml on page 76 MeetingSelect.thtml on page 78 MeetingRun.thtml Tests Sun JVM compatibility. Object type Template Usage Required Required variables errors expired on page 49 Home on page 61 message on page 80 mid on page 81 occurrence on page 89 MeetingRunJava.thtml 77 Juniper Networks Secure Access Administration Guide title type on page 137 username on page 140 warnings on page 140 Example None Related topics LoginMeeting.thtml on page 67 MeetingRunJava.thtml Launches the Meeting Java client. Object type Template Usage Required Required variables appstr on page 38 href login_required on page 73 url Example None Related topics LoginMeeting.thtml on page 67 meetings Returns an array of meetings that the MeetingSelect.thtml template uses as a way to cycle through logins to active meetings. Object Type Template variable Included in MeetingSelect.thtml Usage Required. You should not modify or delete this variable. Example The following code returns a list of instantiated meetings: <% IF rows %> <% FOREACH meeting = meetings %> <input type="button" value=" > " onclick= "self.location='/dana-na/meeting/<%signin%>login_meeting.cgi? mid=<%mid%>&occurrence=<%meeting.3%><%params%>'"> <%started%> <%meeting.0%> <%meeting.1%> Juniper Networks Secure Access Administration Guide 78 MeetingSelect.thtml <%meeting.2%> <% END %> <%END%> Related topics rows on page 108 MeetingSelect.thtml Enables user to select recurring meeting occurrences. Object type Template Usage Required Required variables meetings on page 77 mid on page 81 params on page 92 rows on page 108 started on page 130 text title Example None Related topics LoginMeeting.thtml on page 67 MeetingTestJava.thtml Tests Sun JVM compatibility. Object type Template Usage Required Required variables mid on page 81 mid_param on page 81 testjava_ini on page 133 Example None Related topics LoginMeeting.thtml on page 67 MeetingTestJS.thtml 79 Juniper Networks Secure Access Administration Guide MeetingTestJS.thtml This is the first page in the platform compatibility checker sequence. Tests JavaScript compatibility. Object type Template Usage Required. If the end-users browser does not support JavaScript, or if they need to enable JavaScript functionality in their browser, this template displays appropriate messages depending on the browser type and the problem, and offers hints to address the problem. Required variables activex_ini on page 36 mid on page 81 mid_param on page 81 win32 on page 141 Example None Related topics LoginMeeting.thtml on page 67 MeetingTestMSJava.thtml Tests Microsoft JVM compatibility. Object type Template Usage Required Required variables applet_ini on page 37 mid on page 81 mid_param on page 81 Example None Related topics LoginMeeting.thtml on page 67 MeetingTestResult.thtml Displays Meeting test results. Object type Template Usage Required Required variables check on page 44 Juniper Networks Secure Access Administration Guide 80 MeetingTrouble.thtml message on page 80 remedy1 on page 106 remedy2 on page 107 Example None Related topics MeetingTestMSJava.thtml on page 79 MeetingTestJava.thtml on page 78 MeetingTestJS.thtml on page 79 MeetingTestResult.thtml on page 79 MeetingTrouble.thtml Template Page for the Meeting Test Result page. Object type Template Usage Required Required variables Home on page 61 locale on page 66 mid on page 81 midStr on page 82 occurrence on page 89 startSessionReDir on page 131 type on page 137 uninstall_action on page 137 uninstallReDir on page 139 Example None Related topics MeetingTestResult.thtml on page 79 message Returns a message based on a server response. Object Type Template variable mid 81 Juniper Networks Secure Access Administration Guide Included in MeetingRun.thtml, MeetingTestResult.thtml, SecondaryLoginPage.thtml, SecondaryLoginPage-ppc.thtml Usage Optional Example <% IF message %> <% message %> <% END %> Related topics MeetingRun.thtml on page 76 MeetingTestResult.thtml on page 79 SecondaryLoginPage.thtml on page 113 mid Contains the meeting ID. Object Type Template variable Included in LoginMeeting.thtml, MeetingRun.thtml, MeetingTestJava.thtml, MeetingTestJS.thtml, MeetingTestMSJava.thtml, MeetingTrouble.thtml, PasswordChange-ppc.thtml, PasswordChange.thtml Usage Required Example The following code assigns the meeting ID to a form input object: <input type="hidden" name="mid" value="<% mid %>"> Related topics LoginMeeting.thtml on page 67 MeetingRun.thtml on page 76 MeetingTestJava.thtml on page 78 MeetingTestJS.thtml on page 79 MeetingTestMSJava.thtml on page 79 MeetingTrouble.thtml on page 80 PasswordChange.thtml on page 93 mid_param Contains the URL parameters for the platform compatibility checker page. Object Type Template variable Included in LoginMeeting.thtml, MeetingTestJava.thtml, MeetingTestJS.thtml, MeetingTestMSJava.thtml Juniper Networks Secure Access Administration Guide 82 midStr Usage Required Example The following code passes the meeting ID URL to the JavaScript compatibility CGI: <a href="/dana-na/meeting/<% signin %>meeting_testjs.cgi<% mid_param %>"> Check Meeting Compatibility Related topics mid on page 81 midStr Contains the URL parameter for the meeting. Object Type Template variable Included in MeetingTrouble.thtml Usage Required Example The following line shows how the midStr variable is appended to a CGI URL, to send the user to the correct compatibility checker for the current meeting. Use the <a href="/dana-na/meeting/meeting_testjs.cgi<% midStr %>"> compatibility checker</a> to see if you need to upgrade any of your components. Related topics MeetingTrouble.thtml on page 80 MinimumPasswordLength Argument for error code 2006. The argument is the minimum length of password required. Object Type Template variable Included in PasswordChange.thtml, PasswordChange-ppc.thtml Usage Optional Example None Related topics LoginPageErrorCode on page 70 PasswordChange.thtml on page 93 msg Contains any extra remediation related default instructions. Object Type Template variable nc_logging 83 Juniper Networks Secure Access Administration Guide Included in Remediate.thtml Usage Optional Example The following code checks to see if a heading is to be shown. If yes, then the page displays the heading, followed by any remediation message that might be available. <% IF showHeading %> <% heading %> <% msg FILTER verbatim %> <% END %> Related topics Remediate.thtml on page 105 nc_logging Initiates Network Connect logging. Object Type Template variable Included in Logout.thtml Usage Optional. Available when the user signs out of a session from a Macintosh Safari browser. Network Connect logging is initiated and the log captured. Example None Related topics safari on page 108 ncp_read_timeout Determines the read timeout value over the Network Control Protocol. Object Type Template variable Included in MeetingAppletInstaller.thtml Usage Required. Passed to MeetingAppletInstaller.thtml when it installs a meeting applet. Example <% IF install %> <APPLET <% applet_ini FILTER verbatim %> <PARAM NAME="Parameter0" VALUE="meeting_id=<%instanceId%>;user_name=<%username%>; cert_md5=<%cert_md5%>;ncp_read_timeout=<%ncp_read_timeout%>"> <PARAM NAME="StartSessionReDir" VALUE="<%startSessionReDir%>"> <PARAM NAME="UninstallReDir" VALUE="<%uninstallReDir%>"> <PARAM NAME="locale" VALUE="<%locale%>"> </APPLET> Related topics MeetingAppletInstaller.thtml on page 75 Juniper Networks Secure Access Administration Guide 84 netacekey netacekey Passes the users eTrust ACE key to the server using a hidden value. Object Type HTML form field Included in SM-NewUserPin.thtml, SM-NewPinSelect.thtml, SM-NextToken.thtml Usage Required. The form assigns the netesecid_key value to netacekey. Example The following example shows the use of netacekey in the INPUT statement: <INPUT type=hidden name="neteacekey" value="<% netesecid_key %>"> Related topics netesecid_key on page 84 netesecid_key Contains the users eTrust ACE key. Object Type Template variable Included in SM-NewPinSelect-ppc.thtml, SM-NewPinSelect.thtml, SM-NextToken-ppc.thtml, SM- NextToken.thtml, SM-NewPinSystem-ppc.thtml, SM-NewPinSystem.thtml, SM- NewUserPin-ppc.thtml, SM-NewUserPin.thtml Usage Required. The value is passed by the page to the server. Example The following example shows the use of netesecid_key in the INPUT statement: <INPUT type=hidden name="neteacekey" value="<% netesecid_key %>"> Related topics netacekey on page 84 netesecid_loginmode Returns a value of Next Token mode or New PIN mode. Object Type Template variable Included in SM-NewPinSelect-ppc.thtml, SM-NewPinSelect.thtml, SM-NextToken-ppc.thtml, SM- NextToken.thtml, SM-NewPinSystem-ppc.thtml, SM-NewPinSystem.thtml, SM- NewUserPin-ppc.thtml, SM-NewUserPin.thtml Usage Required. You must send this value to the server, but if you do not want to expose it to the user, you may send it as a hidden form field. Example The following hidden INPUT statement sets the login mode based on the netesecid_loginmode variable. <INPUT type=hidden name="loginmode" value="<% netesecid_loginmode %>"> netesecid_pinerr 85 Juniper Networks Secure Access Administration Guide Related topics loginmode on page 66 netesecid_pinerr Error code and corresponding message that informs the user that he mis-entered his PIN. Object Type Template variable Included in SM-NewUserPin-ppc.thtml, SM-NewUserPin.thtml Usage Optional Example The following code checks the value of netesecid_pinerr, a boolean, to see if the PIN the user enters matches the PIN on the authentication server: <% IF netesecid_pinerr == 0 %> <IMG border='0' src='imgs/custom-loginfo.gif' alt='Info' width='21' height='20'> New PIN Assignment <% ELSIF netesecid_pinerr == 1 %> The Two PINs Entered Do Not Match <% END %> Related topics SM-NewUserPin.thtml on page 125 netesecid_realm The users realm. Object Type Template variable Included in SM-NewPinSelect-ppc.thtml, SM-NewPinSelect.thtml, SM-NextToken-ppc.thtml, SM- NextToken.thtml, SM-NewPinSystem-ppc.thtml, SM-NewPinSystem.thtml, SM- NewUserPin-ppc.thtml, SM-NewUserPin.thtml Usage Optional Example The following code shows the configuration of the page based on various server- provided values: <FORM name="frmNewPin" action="login.cgi" method="POST" autocomplete=off> <INPUT type=hidden name="loginmode" value="<% netesecid_loginmode %>"> <INPUT type=hidden name="realm" value="<% netesecid_realm %>"> <INPUT type=hidden name="neteacekey" value="<% netesecid_key %>"> Related topics SM-NewUserPin.thtml on page 125 SM-NextToken.thtml on page 126 Juniper Networks Secure Access Administration Guide 86 netesecid_username netesecid_username The users username. Object Type Template variable Included in SM-NewPinSelect-ppc.thtml, SM-NewPinSelect.thtml, SM-NextToken-ppc.thtml, SM- NextToken.thtml, SM-NewPinSystem-ppc.thtml, SM-NewPinSystem.thtml, SM- NewUserPin-ppc.thtml, SM-NewUserPin.thtml Usage Optional Example The following INPUT statement assigns the netesecid_username to the form username field: <INPUT type="text" name="username" value="<% netesecid_username %>"> Related topics netesecid_realm on page 85 netesecidactionCancel Cancels a eTrust secure ID action currently in progress. Object Type HTML form field Included in SM-NewPinSelect-ppc.thtml, SM-NewPinSelect.thtml, SM-NextToken-ppc.thtml, SM- NextToken.thtml, SM-NewPinSystem-ppc.thtml, SM-NewPinSystem.thtml, SM- NewUserPin-ppc.thtml, SM-NewUserPin.thtml Usage Required. The value of either this field or of netesecidactionEnter must be sent to the server: <INPUT type="submit" value="Cancel" name="netesecidactionCancel"> Related topics netesecidactionEnter on page 86 netesecidactionEnter Initiates the submission of the current eTrust secure ID action. Object Type HTML form field Included in SM-NewPinSelect-ppc.thtml, SM-NewPinSelect.thtml, SM-NextToken-ppc.thtml, SM- NextToken.thtml, SM-NewPinSystem-ppc.thtml, SM-NewPinSystem.thtml, SM- NewUserPin-ppc.thtml, SM-NewUserPin.thtml Usage Required. The value of either this field or of netesecidactionCancel must be sent to the server. Example <INPUT type="submit" value="Enter" name="netesecidactionEnter"> Netscape4xx 87 Juniper Networks Secure Access Administration Guide Related topics netesecidactionCancel on page 86 Netscape4xx Checks for Netscape version 4.x browser. Object Type Template variable Included in Logout.thtml Usage Required. Checks to see if the users browser is Netscape version 4.x. If so, then, on logout, error messages are passed to the page in a compatible way. Example None Related topics Logout.thtml on page 73 NewPin.thtml Prompts ACE users to enter a new PIN or create a system-generated PIN before signing into the IVE. Object type Template Usage Required. When configuring the secid_pinselectmode variable (which sets the users PIN select mode), note that possible values include: When configuring the secid_pinserr variable (which stores the error code and message that informs the user if he mis-entered his PIN), note that possible values include: Required variables secid_contextid on page 109 secid_loginmode on page 110 Table 7: PIN error messages Mode Description 0 User must use the system-generated PIN. He cannot enter his own PIN. 1 User may enter his own PIN or use the system-generated PIN. 2 User must enter his own PIN. He cannot use the system-generated PIN. Table 8: Additional PIN error messages Code Value 0 New PIN is required. 1 The two PINs entered do not match. 2 PIN Format is invalid. 3 PIN length is invalid. Juniper Networks Secure Access Administration Guide 88 NewPin-ppc.thtml Example None Related topics NewPin-ppc.thtml on page 88 NewPin-ppc.thtml Prompts ACE users to enter a new PIN or create a system-generated PIN before signing into the IVE. Pocket PC version of NewPin.thtml on page 87. Object type Template Usage Required. This template When configuring the secid_pinselectmode variable (which sets the users PIN select mode), note that possible values include: When configuring the secid_pinserr variable (which stores the error code and message that informs the user if he mis-entered his PIN), note that possible values include: Required variables secid_contextid on page 109 secid_loginmode on page 110 Example None Related topics NewPin.thtml on page 87 NextToken.thtml Prompts the user to verify his credentials by entering his SecureID token code. Object type Template Usage Optional. Although this template is optional, you should always include it in the zip file that you upload to the IVE. Table 9: PIN error messages Mode Description 0 User must use the system-generated PIN. He cannot enter his own PIN. 1 User may enter his own PIN or use the system-generated PIN. 2 User must enter his own PIN. He cannot use the system-generated PIN. Table 10: Additional PIN error messages Code Value 0 New PIN is required. 1 The two PINs entered do not match. 2 PIN Format is invalid. 3 PIN length is invalid. NextToken-ppc.thtml 89 Juniper Networks Secure Access Administration Guide Required variables secid_contextid on page 109 secid_loginmode on page 110 Example None Related topics NextToken-ppc.thtml on page 89 NextToken-ppc.thtml Prompts the user to verify his credentials by entering his SecureID token code. Pocket PC version of NextToken.thtml on page 88. Object type Template Usage Optional. Although this template is optional, you should always include it in the zip file that you upload to the IVE. Required variables secid_contextid on page 109 secid_loginmode on page 110 Example None Related topics NextToken.thtml on page 88 occurrence Contains the recurring meeting occurrence ID. Object Type Template variable Included in LoginMeeting.thtml, MeetingRun.thtml, MeetingSelect.thtml, MeetingTrouble.thtml Usage Required Example The following code shows how the occurrence variable is used in an INPUT statement: <input type="hidden" name="occurrence" value="<% occurrence %>"> Related topics mid on page 81 onsubmit Event trigger in a form. Object type HTML form element Juniper Networks Secure Access Administration Guide 90 p Included in GeneratePin-ppc.thtml, GeneratePin.thtml, LoginPage-ppc.thtml, LoginPage.thtml, NewPin-ppc.thtml, NewPin.thtml, NextToken-ppc.thtml, NextToken.thtml, SM- NewUserPin-ppc.thtml, SM-NewUserPin.thtml Usage Required if you are using Secure Meeting) Returns the time zone offset value set by the Login() function. Example The following code shows a typical use of onsubmit: onsubmit="return Login()" Related topics None p Specifies the page name as CASQUEAPP. Object Type HTML form field Included in Defender.thtml, Defender-ppc.thtml Usage Required Example The following code assigns the value CASQUEAPP to the form INPUT field p: <INPUT type=hidden name="p" value="casqueapp"> Related topics secid_challenge on page 109 PageErrorArgs Contains the arguments for an error or message. Object Type Template variable Included in PasswordChange.thtml, PasswordChange-ppc.thtml Usage Optional Example The following code checks to see if a password length error occurs, then displays an informational message: <% IF PageErrorCode == 2015 %> New password must not be longer than <% PageErrorArgs.MaximumPasswordLength %> characters. Related topics PageErrorCode on page 91 PasswordChange.thtml on page 93 PageErrorCode 91 Juniper Networks Secure Access Administration Guide PageErrorCode Contains the error code in case of an error or message. Object Type Template variable Included in LoginPage.thtml, PasswordChange-ppc.thtml, PasswordChange.thtml Usage Optional For more errors and messages, see LoginPageErrorCode on page 70 and LoginPageErrorMessage on page 72. Example You cannot change the messages that appear in Table 11, but you can create your own messages and include them in your customized pages. For example: <% IF PageErrorCode == 2009 %> Your password has expired. Please contact your system administrator. <% END %> Related topics LoginPageErrorCode on page 70 LoginPageErrorMessage on page 72 Table 11: Page error codes Error Code Error message 1020 Password Change Success 1021 Account Disabled 1022 Account Locked out 1023 Account Expired 2001 Password Mismatch 2002 Invalid Password 2003 Password Change not allowed 2004 Password too new 2006 Password too short 2007 Password too trivial 2008 Password exists in password history 2009 Password Expired Message 2010 Password must change at next logon message 2011 Password does not meet complexity requirements 2012 Could not connect to auth server to change password 2013 Password change failed 2014 Password successfully changed 2015 Password will expire in some amount of time 2016 You have some number of grace logins. Juniper Networks Secure Access Administration Guide 92 params params Contains parameters required to sign in to a meeting. Object Type Template variable Included in MeetingSelect.thtml Usage Required. Example The following code fills the form with the names of available meeting instances: <% IF rows %> <% FOREACH meeting = meetings %> <input type="button" value=" > " onclick="self.location='/dana-na/meeting/<%signin%>login_meeting.cgi? mid=<%mid%>&occurrence=<% meeting.3 %><% params %>'"> <%started%> <%meeting.0%> <%meeting.1%> <%meeting.2%> <% END %> <%END%> Related topics MeetingSelect.thtml on page 78 password Indicates the password for an optional JavaScript function in the Defender.thtml template. Object type JavaScript variable Included in Defender.thtml Usage Optional Example The header of Defender.thtml contains the following optional function to automatically place the cursor in the password field of the Defender page. If you choose to include this function in the header, you must also call it from the body of Defender.thtml. Also note that you should not change the JavaScript function name, form name, or form field name and that the form and form fields should have the same name. function FinishLoad() { document.frmDefender.password.focus(); } Related topics FinishLoad() on page 50 password 93 Juniper Networks Secure Access Administration Guide password Sets an HTML form field as a password field. Object type Input form field Included in LoginPage.thtml, NewPin-ppc.thtml, NewPin.thtml, NextToken-ppc.thtml, NextToken.thtml, LoginMeeting.thtml, Defender-ppc.thtml, Defender.thtml, PasswordChange-ppc.thtml, PasswordChange.thtml, SM-NewPinSelect-ppc.thtml, SM- NewPinSelect.thtml, SM-NewPinSystem-ppc.thtml, NewPinSystem.thtml, SM- NewUserPin-ppc.thtml, SM-NewUserPin.thtml, SM-NextToken-ppc.thtml, SM- NextToken.thtml, GeneratePin.thtml Usage This field is required for all types of authentication servers except anonymous servers and certificate servers. Example The following code assigns the password field: <input type="password" name="password"> Related topics LoginPage.thtml on page 68 password2 on page 93 password2 Verified password. Object Type HTML form field Included in NewPin-ppc.thtml, NewPin.thtml, SM-NewPinSelect-ppc.thtml, SM-NewPinSelect.thtml, SM-NewUserPin-ppc.thtml, SM-NewUserPin.thtml, SM-NextToken-ppc.thtml, SM- NextToken.thtml, GeneratePin.thtml Usage Required. The password2 and password fields pass the password and verified password that the user enters to the server for verification. Example The value of the following fields must match: <INPUT type="password" name="password"> <INPUT type="password" name="password2"> Related topics password on page 93 PasswordChange.thtml Notifies the user that his password is due to expire and prompts him to change it. Object type Template Juniper Networks Secure Access Administration Guide 94 PasswordChange-ppc.thtml Usage Optional. Note that the changePasswordTitle variable in this template specifies whether the changed password is for the users primary or secondary authentication server. When you include this variable in your template, the IVE adds a title to the standard old/new/confirm password text boxes specifying whether the user must change his primary or secondary password. The showChangePasswordTitle variable indicates whether or not to show the change password text. The variable value is true if primary and secondary authentication both exist in the login process. The changePasswordTitle variable is a regular text (title) message that indicates whether the password change page is for a primary or a secondary password. Without this variable, the password change page only displays the old/new/confirm password text boxes and a message above, suggesting that the user change password. With the changePasswordTitle variable, the password change page displays the old/new/confirm password text boxes, a message above suggesting that the user change password, and another heading at the top of that page, stating Change Primary (or Secondary) Password. Required variables None Example None Related topics changePasswordTitle on page 43 PasswordChange-ppc.thtml on page 94 showChangePasswordTitle on page 120 PasswordChange-ppc.thtml Notifies the user that his password is due to expire and prompts him to change it. Pocket PC version of PasswordChange.thtml on page 93. Object type Template Usage Optional. Unlike the PasswordChange.thtml template, does not include a password maximum length check. Note that the changePasswordTitle variable in this template specifies whether the changed password is for the users primary or secondary authentication server. When you include this variable in your template, the IVE adds a title to the standard old/new/confirm password text boxes specifying whether the user must change his primary or secondary password. Required variables None Example None Related topics PasswordChange.thtml on page 93 PasswordComplexityMessage The password complexity message. PasswordExpiration.thtml 95 Juniper Networks Secure Access Administration Guide Object Type Template variable Included in PasswordChange-ppc.thtml, PasswordChange.thtml Usage Optional. Argument for error code 2011. Example The following code notifies the user that the password does not meet complexity requirements: <% IF PageErrorCode == 2011 %> New password not complex enough. Must consist of <% PageErrorArgs.PasswordComplexityMessage %> characters. <% END %> Related topics PageErrorArgs on page 90 PageErrorCode on page 91 PasswordExpiration.thtml Notifies the user that his password has expired and prompts him to change it. Object type Template Usage Optional Required variables startPageLink on page 131 Example None Related topics PasswordExpiration-ppc.thtml on page 95 PasswordExpiration-ppc.thtml Notifies the user that his password has expired and prompts him to change it. Pocket PC version of PasswordExpiration.thtml on page 95. Object type Template Usage Optional. With minor exceptions in format, this template is identical to PasswordExpiration.thtml. Required variables startPageLink on page 131 Example None Related topics PasswordExpiration.thtml on page 95 Juniper Networks Secure Access Administration Guide 96 PasswordExpirationFriendlyTime PasswordExpirationFriendlyTime Message displaying how soon password expires. Object Type Template variable Included in PasswordExpiration.thtml, PasswordExpiration-ppc.thtml Usage Argument for error code 2015. Shows time in days, hours, and minutes. Example The following code checks for error code 2015, and displays a message containing the time remaining before the password expires: <% IF LoginPageErrorCode == 2015 %> Password expires in <% LoginPageErrorArgs.PasswordExpirationFriendlyTime %>. <% END %> Related topics LoginPageErrorArgs on page 69 LoginPageErrorCode on page 70 PasswordExpirationSeconds on page 96 PasswordExpirationSeconds The number of seconds in which the current users password will expire. Object Type Template variable Included in PasswordExpiration.thtml Usage Optional. Argument for error code 2015. Example The following code indicates that the users password will expire in a certain number of seconds: <% IF LoginPageErrorCode == 2015 %> Password will expire in <% LoginPageErrorArgs.PasswordExpirationSeconds %> seconds. <% END %> Related topics LoginPageErrorArgs on page 69 LoginPageErrorCode on page 70 PasswordExpirationFriendlyTime on page 96 PasswordHistoryLength The length of the list of passwords the system has saved for a given end-user. pleasewait 97 Juniper Networks Secure Access Administration Guide Object Type Template variable Included in PasswordChange-ppc.thtml, PasswordChange.thtml Usage Optional. Argument for error code 2008. Some authentication systems save passwords and do not allow an end-user to assign the same password twice in succession, within a certain amount of elapsed time, or as long as the password still exists in the password history list. Example The following code shows the use of PasswordHistoryLength: <% IF PageErrorCode == 2008 %> New password must not repeat previous <% PageErrorArgs.PasswordHistoryLength %> passwords. Related topics PasswordComplexityMessage on page 94 pleasewait Default text printed to the page when either ActiveX or an applet is loading. Object Type Template variable Included in Remediate.thtml, Remediate-ppc.thtml Usage Required Example The following code shows a table containing two directives. The first, the loading directive, tests whether or not ActiveX or an applet is loading. If yes, then the pleasewait directive displays a message, prompting the user to wait. <% loading %> <% pleasewait %> Related topics loading on page 65 Remediate.thtml on page 105 PleaseWait.thtml Displays a page asking the user to wait while application components install or uninstall. Object type Template Usage Optional. This template differs from the standard PleaseWait.thtml template in the types and degree of validation and status checking performed while you wait. You may choose to customize this template if you have configured Host Checker or Cache Cleaner at the realm level. Use this page to control Host Checker and Cache Cleaner starts during pre-authentication and post-authentication. Juniper Networks Secure Access Administration Guide 98 PleaseWait-ppc.thtml This template contains JavaScript for detecting, stopping, installing, and uninstalling the Host Checker and Cache Cleaner components as well as images and text to display to users while the IVE performs these actions. This template also contains JavaScript that periodically checks the users status to determine if Host Checker or Cache Cleaner is loaded on his system and redirects him to the sign-in page (welcome.cgi) if necessary. This template also includes variables telling users to wait while components install, an error message variable, a variable storing the time that the page is first loaded, and a status variable for the Host Checker and Cache Cleaner components. For detailed information about the JavaScript and variables described here, see comments in the template. Required variables LoginPageErrorMessage on page 72 PleaseWaitObjectCC on page 99 Example None Related topics Logout.thtml on page 73 PleaseWait-ppc.thtml on page 98 PleaseWait-ppc.thtml Displays a page asking the user to wait while application components install or uninstall. Pocket PC version of PleaseWait.thtml on page 97. Object type Template Usage Optional. This template differs from the standard PleaseWait.thtml template in the types and degree of validation and status checking performed while you wait. You may choose to customize this template if you have configured Host Checker or Cache Cleaner at the realm level. Use this page to control Host Checker and Cache Cleaner starts during pre-authentication and post-authentication. This template contains JavaScript for detecting, stopping, installing, and uninstalling the Host Checker and Cache Cleaner components as well as images and text to display to users while the IVE performs these actions. This template also contains JavaScript that periodically checks the users status to determine if Host Checker or Cache Cleaner is loaded on his system and redirects him to the sign-in page (welcome.cgi) if necessary. This template also includes variables telling users to wait while components install, an error message variable, a variable storing the time that the page is first loaded, and a status variable for the Host Checker and Cache Cleaner components. For detailed information about the JavaScript and variables described here, see comments in the template. Required variables LoginPageErrorMessage on page 72 pleasewaitLogoutJSCode 99 Juniper Networks Secure Access Administration Guide PleaseWaitObjectCC on page 99 Example None Related topics Logout.thtml on page 73 PleaseWait.thtml on page 97 pleasewaitLogoutJSCode JavaScript code for pleasewait logout. Object Type Template variable Included in Logout.thtml Usage Required Example The following code shows the variable passed to the page verbatim, prior to the script section of the HTML page: <html> <head> <meta http-equiv="Content-Language"> <meta http-equiv="Content-Type" content="text/html"> <meta name=robots content="none"> <title>Instant Virtual Extranet</title> <% pleasewaitLogoutJSCode FILTER verbatim %> <%IF pleasewaitObjectHC OR pleasewaitObjectCC OR pleasewaitWin32%> <SCRIPT LANGUAGE="JavaScript"> Related topics Logout.thtml on page 73 PleaseWaitObjectCC on page 99 pleasewaitWin32 on page 100 PleaseWaitObjectCC If a Cache Cleaner object is enabled, this variable contains the Cache Cleaner object tag. Object Type Template variable Included in Logout.thtml, PleaseWait.thtml Usage Required Example The following code checks to see if the Cache Cleaner object is enabled. If so, the code displays a message: <%IF pleasewaitObjectCC %> Juniper Networks Secure Access Administration Guide 100 PleaseWaitObjectHC <span><div id="cc">Cache Cleaner Component</div></span> <%END%> Related topics Logout.thtml on page 73 PleaseWait.thtml on page 97 PleaseWaitObjectHC on page 100 pleasewaitWin32 on page 100 PleaseWaitObjectHC If a Host Checker object is enabled, this variable contains the Host Checker object tag. Object Type Template variable Included in Logout.thtml, PleaseWait.thtml Usage Required Example The following code checks to see if the Host Checker object is enabled. If so, the code displays a message: <%IF pleasewaitObjectHC %> <span><div id="cc">Host Checker Component</div></span> <%END%> Related topics PleaseWait.thtml on page 97 PleaseWaitObjectCC on page 99 pleasewaitWin32 on page 100 pleasewaitWin32 Boolean indicating that you must stop one or more Win32 components from the logout page. Object Type Template variable Included in Logout.thtml Usage Required. Set to 1 if any components need to be stopped. Example The following code checks to see if any of the components are causing the IVE to display a Please Wait message and if the components are java-based. If yes, the code calls the stopComponents() JavaScript function to stop the component. <% IF (pleasewaitObjectCC || pleasewaitObjectHC || pleasewaitWin32) && delivery_mode == 'java'%> onload="javascript:stopComponents()" plugintype 101 Juniper Networks Secure Access Administration Guide <% END %> Related topics PleaseWait.thtml on page 97 PleaseWaitObjectCC on page 99 PleaseWaitObjectHC on page 100 stopComponents() on page 132 plugintype Provides the information about type of defender server application. Object Type Template variable Included in Defender.thtml Usage Optional. Valid value is CASQUEAPP. The IVE sets the plugintype variable to CASQUEAPP when finding a Casque RADIUS server. Example The following code loads the frmCasque HTML form if the plugintype contains the value CASQUEAPP: <% IF plugintype == 'CASQUE' %> <form name="frmCasque" method="POST" autocomplete=off> <INPUT type=hidden name="cval" value="<% secid_challenge %>"> <INPUT type=hidden name="p" value="casqueapp"> <a href="#" onClick="submitFrmCasque(); return false;"> LAUNCH CASQUE PLAYER</a><BR> </form> Related topics Defender.thtml on page 47 frmCasque on page 52 portal User interface string that displays the sign-in pages portal name. Object Type Template variable Default Value Secure SSL VPN Included in LoginPage.thtml, LogoutPage.thtml, SSL.thtml, SecondaryLoginPage.thtml, Logout.thtml, Defender.thtml, ExceededConcurrent.thtml, GeneratePin.thtml, NewPin.thtml, NextToken.thtml, ShowSystemPin.thtml Usage Optional Example <% portal FILTER verbatim %> Related topics None Juniper Networks Secure Access Administration Guide 102 prompts prompts Contains display information for username/password prompts. Object type Template variable Included in LoginPage-ppc.thtml, LoginPage.thtml, NewPin.thtml, NextToken.thtml, Defender- ppc.thtml, Defender.thtml, SecondaryLoginPage-ppc.thtml, SecondaryLoginPage.thtml, SM-NewPinSelect.thtml, SM-NewUserPin.thtml, SM-NextToken.thtml Usage Required when including SecondaryLoginPage.thtml template in your zip file to collect secondary authentication credentials. The prompt variable is a hash list used to display primary and/or secondary username and password prompts in the sign- in page. You can use the prompts variable instead of hardcoding username and password labels. If you want to prompt the user to enter secondary sign-in credentials, and you do not include the prompts variable in your template, the IVE brings up a secondary sign-in page to collect the users secondary credentials. If you include the prompts variable, the IVE collects the secondary credentials along with the primary credentials in the main sign-in page. Example The following example is a required piece of code in the SecondaryLoginPage.thtml template: <% FOREACH prompt = prompts %> <% NEXT IF !prompt.required %> <% prompt.promptText %> <input type="<% prompt.type %>" name="<% prompt.name %>" size="20"> <% END %> Related topics SecondaryLoginPage.thtml on page 113 realm Returns name of the current users realm. Object type HTML form field Included in LoginPage-ppc.thtml, LoginPage.thtml, SM-NewPinSelect-ppc.thtml, SM- NewPinSelect.thtml, SM-NewPinSystem-ppc.thtml, SM-NewPinSystem.thtml, SM- NewUserPin-ppc.thtml, SM-NewUserPin.thtml, SM-NextToken-ppc.thtml, SM- NextToken.thtml, GeneratePin.thtml, NewPin.thtml Usage Required. Login.cgi passes the realm value posted here to the appropriate authentication server. See example below. Example The following example appears in several template files: <% IF RealmList.size == 0 %> <td>LoginRealm</td><td> </td><td> <input type="text" name="realm" size="20"> realm 103 Juniper Networks Secure Access Administration Guide </td> <% ELSIF RealmList.size == 1 %> <input type="hidden" name="realm" value="<% RealmList.0 %>"> <% ELSE %> <td>LoginRealm</td><td> </td><td> <select size="1" name="realm"> <% FOREACH r = RealmList %> <option value="<% r %>" ><% r %></option> <% END %> </select> If you only associate one realm with a URL, and you want to eliminate the realm text box and realm list box altogether, you can eliminate this code with the exception of the following line: <input type="hidden" name="realm" value="<% RealmList.0 %>"> You must include this line. The IVE populates this variable with the correct value. You can use this approach if you are sure that only one realm is associated with the sign-in URL. Related topics RealmList on page 103 realm User interface label for the string realm. Object Type Template variable Default value Realm Included in LoginPage.thtml Usage Optional Example In the following example, if no list of realms is available, display a textbox for the user to enter their realm. The realm variable is a label for the textbox. <% IF RealmList.size == 0 %> <% realm %> <input type="text" name="realm" value="" size="20"> Related topics RealmList on page 103 RealmList List of realms available to the user. Object type Template variable Included in LoginPage.thtml, LoginPage-ppc.thtml, GeneratePin.thtml, NewPin.thtml Juniper Networks Secure Access Administration Guide 104 recallLastRealmUsed() Usage Optional. If you use the RealmList variable in the LoginPage.thtml template, the following rules apply: If RealmList.size = 0, then allow the user to type the realm name into a text box. If RealmList.size => 1, then allow the user to choose the realm name from a list box. Example The following example from LoginPage.thtml shows RealmList being used as an index in a foreach loop that returns the available realms. <% FOREACH r = RealmList %> <option value="<% r %>" ><% r %></option> <% END %> Related topics CertificateAuthentication on page 43 realm on page 102 recallLastRealmUsed() Use this function if you want to allow users to select from multiple realms in the sign-in page. Object type JavaScript function Included in LoginPage.thtml, LoginPage-ppc.thtml Usage Optional Example The function checks that a realm exists and then gets the last selected authentication realm. function recallLastRealmUsed() { if (document.frmLogin.realm != null && document.frmLogin.realm.type == "select-one") { // try to remember which auth realm was last used var sLastRealm = GetCookieValue("lastRealm"); if (sLastRealm.length > 0) { var cmb = document.frmLogin.realm; var nNumRealms = cmb.options.length; for (var n=0; n < nNumRealms; n++) { if (cmb.options[n].text == sLastRealm) { cmb.selectedIndex = n; } } } } } Related topics FinishLoad() on page 50 redirect() 105 Juniper Networks Secure Access Administration Guide redirect() Redirects the page to a compatibility checking page. Object Type JavaScript function Included in MeetingRunJava.thtml, MeetingTestMSJava.thtml, MeetingTestJava.thtml Usage Optional Example The following two code samples show how the redirect() function redirects to a meeting page generated by a given CGI file: From MeetingTestMSJava.thtml: function redirect () { document.location.replace("/dana-na/meeting/ <%signin%>meeting_testjava.cgi?<%mid_param%>") } From MeetingTestJava.thtml: function redirect () { document.location.replace("/dana-na/meeting/ <%signin%>meeting_testresult.cgi?<%mid_param%>") } Related topics MeetingTestMSJava.thtml on page 79 MeetingRunJava.thtml on page 77 MeetingTestJava.thtml on page 78 MeetingTestJS.thtml on page 79 Remediate.thtml Provides the user with the ability to fix the Host Checker starts during pre- authentication and post-authentication, before the Welcome page displays. Object type Template Usage Optional. If you have enabled Host Checker remediation, this page appears before/after the sign-in page and displays messages to the user when Host Checker policies with custom instructions have failed. Required variables listFailedPolicies on page 65 showButtons on page 119 showClose on page 120 showContinue on page 120 Juniper Networks Secure Access Administration Guide 106 Remediate-ppc.thtml showHeading on page 121 showLoading on page 121 showPolicies on page 122 showRemedOption on page 121 showTryAgain on page 123 Example None Related topics Remediate-ppc.thtml on page 106 Remediate-ppc.thtml Provides the user with the ability to fix the Host Checker starts during pre- authentication and post-authentication, before the Welcome page displays. Pocket PC version of Remediate.thtml on page 105. Object type Template Usage Optional. If you have enabled Host Checker remediation, this page appears before/after the sign-in page and displays messages to the user when Host Checker policies with custom instructions have failed. Required variables listFailedPolicies on page 65 showButtons on page 119 showClose on page 120 showContinue on page 120 showHeading on page 121 showLoading on page 121 showPolicies on page 122 showRemedOption on page 121 showTryAgain on page 123 Example None Related topics Remediate.thtml on page 105 remedy1 Contains the first possible remedy if your system is not fully compatible. remedy2 107 Juniper Networks Secure Access Administration Guide Object Type Template variable Included in MeetingTestResult.thtml Usage Required Example The following code displays the first remedy: <% IF remedy1 %> <% remedy1 FILTER verbatim %> <% END %> Related topics remedy2 on page 107 remedy2 Contains the second possible remedy if your system is not fully compatible. Object Type Template variable Included in MeetingTestResult.thtml Usage Required Example The following code displays the second remedy: <% IF remedy2 %> <% remedy2 FILTER verbatim %> <% END %> Related topics remedy1 on page 106 RoleList List of roles available to the user. Object Type Template variable Included in SelectRole.thtml, SelectRole-ppc.thtml Usage Optional Example The following code uses the RoleList variable to process a loop of roles (in this case, two roles): <%FOREACH role = RoleList %> <a href="login.cgi?loginmode=mode_selectedrole&role=<%role.0%> &selectrolekey=<%SelectRoleKey%>&passwordExpiration= <%PasswordExpiration%>"><%role.1%></a> <%END%> Related topics SelectRole.thtml on page 114 Juniper Networks Secure Access Administration Guide 108 rows rows Contains the number of occurrences that match the search criteria. Object Type Template variable Included in MeetingSelect.thtml Usage Required Example The following code checks to see if there are any matching occurrences. If yes, the code then generates a list of meeting instances: <% IF rows %> <%FOREACH meeting = meetings%> <input type="button" value=" > " onclick="self.location='/dana-na/meeting/ <%signin%>login_meeting.cgi?mid=<%mid%>& occurrence=<%meeting.3%><%params%>'"> <%started%> <%meeting.0%> <%meeting.1%> <%meeting.2%> <% END %> <%END%> Related topics MeetingSelect.thtml on page 78 runOnLoad Called when page loads the <body>. Object Type JavaScript function Included in Remediate.thtml, Remediate-ppc.thtml Usage Optional. Useful when you need to load ActiveX or an applet as needed. Example None Related topics Remediate.thtml on page 105 safari Boolean that indicates whether or not the users browser is Macintosh Safari. Object Type Template variable Included in Logout.thtml, MeetingTestJS.thtml Usage Required secid_challenge 109 Juniper Networks Secure Access Administration Guide Example The following code fragment tests the variable to discover if the browser is the Safari browser: <% IF safari %> Related topics geckoBrowser on page 54 secid_challenge Challenge string obtained from a server. Object Type Template variable Included in Defender.thtml, Defender-ppc.thtml Usage Required. Used to return a challenge string from a RADIUS server in Defender.thtml. Example The following code sets the challenge value to the value obtained from the RADIUS server. <INPUT type=hidden name="cval" value="<% secid_challenge %>"> Related topics Defender.thtml on page 47 p on page 90 secidcontextid Form field for the value represented by secid_contextid. Object Type HTML form field Included in GeneratePin.thtml, GeneratePin-ppc.thtml, NewPin.thtml, NewPin-ppc.thtml, NextToken.thtml, NextToken-ppc.thtml, Defender.thtml, Defender-ppc.thtml Usage Required Example The following code assigns the handle of the current transaction to a form field: <INPUT type=hidden name="secidcontextid" value="<% secid_contextid %>"> Related topics secid_contextid on page 109 secid_contextid Current transaction handle. Object Type Template variable Included in GeneratePin.thtml, GeneratePin-ppc.thtml, NewPin-ppc.thtml, NewPin.thtml, NextToken- ppc.thtml, NextToken.thtml Juniper Networks Secure Access Administration Guide 110 secid_loginmode Usage Required. You must send this value to the server, but if you do not want to expose it to the user, send it as a hidden form field. Example The following code assigns the current transaction handle from the server to the HTML form. <INPUT type=hidden name="secidcontextid" value="<% secid_contextid %>"> Related topics secidcontextid on page 109 secid_loginmode Returns a value of Next Token mode or New PIN mode. Object Type Template variable Included in GeneratePin.thtml, GeneratePin-ppc.thtml, NewPin-ppc.thtml, NewPin.thtml, NextToken- ppc.thtml, NextToken.thtml, Defender-ppc.thtml, Defender.thtml Usage Required. You must send this value to the server, but if you do not want to expose it to the user, you may send it as a hidden form field. Example The following code assigns the mode to the HTML form: <INPUT type=hidden name="loginmode" value="<% secid_loginmode %>"> Related topics secidcontextid on page 109 secid_contextid on page 109 secid_pinerr Error code and corresponding message that informs the user if he has entered his PIN incorrectly. Object Type Template variable Included in GeneratePin.thtml, NewPin-ppc.thtml, NewPin.thtml Usage Optional Example The following code shows four different conditions using secid_pinerr: <% IF secid_pinerr == 0 %> New PIN required <% ELSIF secid_pinerr == 1 %> The Two PINs Entered Do Not Match <% ELSIF secid_pinerr == 2 %> Invalid PIN Format <% ELSIF secid_pinerr == 3 %> Invalid PIN Length <% END %> secid_pinformat 111 Juniper Networks Secure Access Administration Guide Related topics secid_pinformat on page 111 secid_pinselectmode on page 111 secid_pinformat Error message informing the end-user of the restrictions on the required PIN. Object Type Template variable Included in GeneratePin.thtml, NewPin-ppc.thtml, NewPin.thtml Usage Optional Example The following fragment shows how to use this variable to display a particular restriction: You must create a new Personal Identification Number (PIN) before you can sign in. Your PIN should be <% secid_pinformat %> long. Related topics secidpinformat on page 112 secid_pinselectmode Sets the users PIN select mode. Object Type Template variable Included in GeneratePin.thtml, GeneratePin-ppc.thtml, NewPin-ppc.thtml, NewPin.thtml Usage Optional Example The following code creates a link and sets the login mode: <% IF secid_pinselectmode == 1 %> If you prefer, the system can <a href="secid_genpin.cgi?loginmode=<% secid_loginmode %>" onclick="gCancelNewPinMode=false;"> generate a PIN</a> for you. <% END %> Related topics secidpinselectmode on page 113 secid_systempin System-generated PIN. Object Type Template variable Included in ShowSystemPin.thtml, ShowSystemPin-ppc.thtml, GenerateNewPin.thtml, NewPin.thtml Juniper Networks Secure Access Administration Guide 112 secid_username Usage Optional Example The following code sets the users PIN. Your new PIN is <% secid_systempin %> Be sure to remember it, because you need your PIN each time you sign in. Related topics secidactionSavePin on page 112 secid_username System-supplied username. Object Type Template variable Included in GeneratePin.thtml, GeneratePin-ppc.thtml, NewPin.thtml, NewPin-ppc.thtml, NextToken.thtml, NextToken-ppc.thtml, Defender-ppc.thtml, Defender.thtml, LoginPage.thtml Usage Required Example The following code posts the username passed into the form back to the server: <INPUT type=hidden name="username" value="<% secid_username %>"> Related topics username on page 140 secidactionSavePin Specifies an action to be taken when a new PIN is created. Object Type HTML form field Included in NewPin.thtml, NewPin-ppc.thtml, GeneratePin.thtml Usage Required Example The value of one of the following fields must be sent to the IVE server: <INPUT type="submit" name="secidactionSavePin" value="Save PIN"> <INPUT type="submit" name="secidactionCancel" value="Cancel"> Related topics GeneratePin.thtml on page 55 NewPin.thtml on page 87 secidpinformat Error message informing the end-user of the restrictions on the required PIN. Object Type HTML form field secidpinselectmode 113 Juniper Networks Secure Access Administration Guide Included in NewPin.thtml, NewPin-ppc.thtml, GeneratePin.thtml Usage Required Example The following code assigns the secure ID PIN format: <INPUT type=hidden name="secidpinformat" value="<% secid_pinformat %>"> Related topics secid_pinformat on page 111 secidpinselectmode Passes the users PIN select mode to the server. Object Type HTML form field Included in NewPin.thtml, NewPin-ppc.thtml, GeneratePin.thtml, GeneratePin-ppc.thtml Usage Required Example The following code assigns the PIN select mode: <INPUT type=hidden name="secidpinselectmode" value="<% secid_pinselectmode %>"> Related topics secid_pinselectmode on page 111 SecondaryLoginPage.thtml Collects the users name and password for a secondary authentication server. Object type Template Usage Optional. You must include the prompts variable in LoginPage.thtml in order to call this template. The prompts variable provides the proper form input names and indicates whether or not the inputs are required. However, if you prefer, you can hardcode the form input names into the page and it still works. Further, the sign-in process accepts form input names user#2 and password#2 as the secondary credentials for any authentication server. The names in the prompt variables include the authentication server name in this format: user@ldap, password@ldap. Required variables None Example None Related topics SecondaryLoginPage-ppc.thtml on page 114 Juniper Networks Secure Access Administration Guide 114 SecondaryLoginPage-ppc.thtml SecondaryLoginPage-ppc.thtml Collects the users name and password for a secondary authentication server. Pocket PC version of SecondaryLoginPage.thtml on page 113. Object type Template Usage Optional. You must include the prompt variable in LoginPage.thtml in order to call this template. The prompts variable provides the proper form input names and indicates whether or not the inputs are required. However, if you prefer, you can hardcode the form input names into the page and it still works. Further, the sign-in process accepts form input names user#2 and password#2 as the secondary credentials for any authentication server. The names in the prompt variables include the authentication server name in this format: user@ldap, password@ldap. Required variables None Example None Related topics SecondaryLoginPage.thtml on page 113 SelectRole.thtml Appears after the sign-in page and displays a list of roles from which the user can choose. Object type Template Usage Optional. You may choose to customize this template if you have assigned your users to multiple roles, but have not permissively merged those roles. Required variables None Example None Related topics SelectRole-ppc.thtml on page 114 SelectRole-ppc.thtml Appears after the sign-in page and displays a list of roles from which the user can choose. Pocket PC version of SelectRole.thtml on page 114. Object type Template Usage Optional. You may choose to customize this template if you have assigned your users to multiple roles, but have not permissively merged those roles. Required variables None setFailed() 115 Juniper Networks Secure Access Administration Guide Example None Related topics SelectRole.thtml on page 114 setFailed() Called if the component is stopped intentionally. Object Type JavaScript function Included in Logout.thtml, PleaseWait.thtml Usage component signifies the component that is being checked to see if it has been stopped intentionally. Example The following code stops Host Checker: <%IF pleasewaitObjectHC %> setSucceeded('hc'); <%END%> }catch (e) { <%IF pleasewaitObjectHC %> setFailed('hc'); <%END%> } Related topics setStarted() on page 116 setFinished Called if the component has finished starting up. Object Type JavaScript function Included in Logout.thtml, PleaseWait.thtml Usage Optional componentValid values for component are hc for Host Checker and cc for Cache Cleaner. Example The following code shows how setFinished is used in the Logout.thtml template: function setFinished(component) { document.getElementById(component).style.fontWeight = "normal"; } Related topics Logout.thtml on page 73 PleaseWait.thtml on page 97 Juniper Networks Secure Access Administration Guide 116 SetLastRealm() SetLastRealm() Enables users to select from multiple realms on the sign-in page. Object type JavaScript function Included in LoginPage.thtml, LoginPage-ppc.thtml Usage When the user signs in, this function retrieves the authentication realm selected by the user and sets an expiration date of 30 days. sValueThe name of the realm the user selects. Example The following code shows the function: function SetLastRealm(sValue) { var dtExpire = new Date(); dtExpire.setDate(dtExpire.getDate() + 30); document.cookie = "lastRealm=" + escape(sValue) + "; expires=" + dtExpire.toGMTString(); } Related topics LoginPage.thtml on page 68 setStarted() Called if the component is started in order to stop it. Object Type JavaScript function Included in Logout.thtml, PleaseWait.thtml Usage Required. componentName of the component. Example The following code shows the function: function setStarted(component) { document.getElementById(component).style.fontWeight = "bold"; } Related topics setFailed() on page 115 setSucceeded() Called if the component is successfully stopped. Object Type JavaScript function setthankyou() 117 Juniper Networks Secure Access Administration Guide Included in Logout.thtml, PleaseWait.thtml Usage Required Example The following code calls the function if Host Checker has been successfully stopped: <%IF pleasewaitObjectHC %> setSucceeded('hc'); <%END%> Related topics setStarted() on page 116 setthankyou() Sets the timeout value and calls the thankyou() function, which displays the login page after the user has signed out. Object Type JavaScript function Included in Logout.thtml Usage Required Example The following code shows the function: function setthankyou() { setTimeout("thankyou()", 2000); } Related topics thankyou() on page 135 setup_classid The CLASSID of the ActiveX object. Object Type Template variable Included in Logout.thtml, PleaseWait.thtml Usage Required Example The following example assigns the CLASSID if the delivery mechanism is ActiveX. <%IF delivery_mode == 'activex'%> <OBJECT <%setup_classid FILTER verbatim%> id=NeoterisSetup Related topics setup_codebase on page 117 setup_codebase The path and version information (CODEBASE) of the ActiveX object. Juniper Networks Secure Access Administration Guide 118 Setupappversion Object Type Template variable Included in Logout.thtml, PleaseWait.thtml Usage Required Example The following example assigns the CODEBASE if the delivery mechanism is ActiveX. <%IF delivery_mode == 'activex'%> <OBJECT <%setup_classid FILTER verbatim%> id=NeoterisSetup <%setup_codebase FILTER verbatim%> width=0 height=0 > </OBJECT> Related topics setup_classid on page 117 Setupappversion The version of the Java installer setup application. Object Type Template variable Included in Logout.thtml Usage Required Example The following example assigns the setupappversion after determining the delivery mode: <% IF delivery_mode == 'java' %> <APPLET code=dsSetupApplet.class code=dsSetupApplet id=NeoterisSetup archive="NeoterisSetupApplet.jar" MAYSCRIPT width=0 height=0 codebase="/dana-cached/setup/" > <PARAM NAME="SetupAppVersion" VALUE="<% setupappversion %>"> Related topics Logout.thtml on page 73 setup_codebase Codebase of Juniper Networks NeoterisSetup ActiveX control. Object Type Template variable Included in Logout.thtml, PleaseWait.thtml Usage Optional Example The following code declares the codebase: showButtons 119 Juniper Networks Secure Access Administration Guide <OBJECT classid="clsid:4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06" id=NeoterisSetup <% setup_codebase FILTER verbatim %> width=0 height=0 > </OBJECT> Related topics Logout.thtml on page 73 PleaseWait.thtml on page 97 showButtons Boolean indicating whether or not to show any of the action buttons. Object Type Template variable Included in Remediate.thtml, Remediate-ppc.thtml Usage Required Example The following code tests showButtons. If true, then the code continues to test other directives to determine which action buttons to display: <% IF showButtons %> <% IF showTryAgain %> <input name="btnTryAgain" type="button" value="<% textTryAgain %>" onClick="TryAgain()" <% disabled %>> <% END %> <% IF showRemedOption %> <input name="btnHideRemed" type="button" value="<% textRemedOption %>" onClick="HideRemed(); <% disabled %>"> <% HC_REMED_SHOW_ADV_PREFS %> <% END %> <% IF showContinue %> <input name="btnContinue" type="button" value="<% textContinue %>" onClick="Continue()"> <% END %> <% IF showClose %> <input name="btnClose" type="button" value=" <% textClose %> " onClick="javascript:self.close()"> <% END %> <% END %> Related topics showContinue on page 120 showClose on page 120 showRemedOption on page 121 showTryAgain on page 123 Juniper Networks Secure Access Administration Guide 120 showChangePasswordTitle showChangePasswordTitle Boolean indicating whether or not to show primary/secondary password change title. Object Type Template variable Included in PasswordChange.thtml, PasswordChange-ppc.thtml Usage Optional. Example The following code tests the variable. If true, the code then displays the value contained in changePasswordTitle: <%IF showChangePasswordTitle %> <% changePasswordTitle FILTER verbatim %> <%END%> Related topics changePasswordTitle on page 43 PasswordChange.thtml on page 93 showClose Boolean indicating whether or not to show the Close button. Object Type Template variable Included in Remediate.thtml, Remediate-ppc.thtml Usage Required Example The following code tests showClose. If true, the code constructs a button that closes the page when the user clicks it: <% IF showClose %> <input name="btnClose" type="button" value=" <% textClose %> " onClick="javascript:self.close()"> <% END %> Related topics showContinue on page 120 showContinue Boolean indicates whether or not to show the Continue button. Object Type Template variable Included in Remediate.thtml, Remediate-ppc.thtml Usage Required showHeading 121 Juniper Networks Secure Access Administration Guide Example The following code shows a Continue button if the showContinue variable is true: <% IF showContinue %> <input name="btnContinue" type="button" value="<% textContinue %>" onClick="Continue()"></td> <% END %> Related topics Remediate.thtml on page 105 showHeading flag to determine if we should show heading Object Type Template variable Included in Remediate.thtml, Remediate-ppc.thtml Usage Required Example The following code displays message text if the showHeading variable is true: <% IF showHeading %> <% msg FILTER verbatim %> <% END %> Related topics Remediate.thtml on page 105 showLoading Boolean indicates whether or not to show text during the loading of ActiveX or an applet. Object Type Template variable Included in Remediate.thtml, Remediate-ppc.thtml Usage Required Example The following code displays message text if the showLoading variable is true: <% IF showLoading %> <% pleasewait %> <% HC_REMED_POLICIES_CHECK %> Related topics Remediate.thtml on page 105 showRemedOption Boolean indicates whether or not to show the button that displays the message: Do not show remediation for this session. Juniper Networks Secure Access Administration Guide 122 showPolicies Object Type Template variable Included in Remediate.thtml, Remediate-ppc.thtml Usage Required Example The following code tests the value of showRemedOption. If true, the code hides the remediation button: <% IF showRemedOption %> <input name="btnHideRemed" type="button" value="<% textRemedOption %>" onClick="HideRemed(); <% disabled %>"> <% HC_REMED_SHOW_ADV_PREFS %> <% END %> Related topics Remediate.thtml on page 105 showPolicies Boolean indicating whether or not to show remediation policies. Object Type Template variable Included in Remediate.thtml, Remediate-ppc.thtml Usage Required Example The following code tests the values of several template variables: <% IF showHeading || showPolicies || showButtons %> Related topics Remediate.thtml on page 105 ShowSystemPin.thtml Displays the system-generated PIN to the user. Object type Template Usage Optional Required variables None Example None Related topics ShowSystemPin-ppc.thtml on page 122 ShowSystemPin-ppc.thtml Displays the system-generated PIN to the user. Pocket PC version of ShowSystemPin.thtml on page 122. showTryAgain 123 Juniper Networks Secure Access Administration Guide Object type Template Usage Optional Required variables None Example None Related topics ShowSystemPin.thtml on page 122 showTryAgain Boolean that indicates whether or not to show the Try Again button. Object Type Template variable Included in Remediate.thtml, Remediate-ppc.thtml Usage Required Example The following code checks the variable and, if true, displays the Try Again button. The code also disables the button once the end-user has clicked it: <% IF showTryAgain %> <input name="btnTryAgain" type="button" value="<% textTryAgain %>" onClick="TryAgain()" <% disabled %>> <% END %> Related topics TryAgain on page 136 signinAgain Boolean that indicates whether or not to display the login page after users log out. Object Type Template variable Included in Logout.thtml Usage Optional Example The following code checks the variable and, if true, redirects the user to the sign-in page (welcome.cgi). <% IF signinAgain %> <a href="welcome.cgi" ><div id=signindiv> <% signinAgain FILTER verbatim %> Related topics None Juniper Networks Secure Access Administration Guide 124 signInLink signInLink Provides the link to the start page. Object Type Form variable Included in Logout.thtml Usage Optional. If you want to provide the user the ability to sign in again, you must include this link in the href tag. Example None Related topics Logout.thtml on page 73 SM-NewPinSelect.thtml Prompts the user to enter a new PIN or create a system-generated PIN before signing into the IVE. Object type Template Usage Required for SiteMinder authentication. Required variables secid_loginmode on page 110 Example None Related topics SM-NewPinSelect-ppc.thtml on page 124 SM-NewPinSelect-ppc.thtml Prompts the user to enter a new PIN or create a system-generated PIN before signing into the IVE. Pocket PC version of SM-NewPinSelect.thtml on page 124. Object type Template Usage Required for SiteMinder authentication on a Pocket PC. Required variables secid_loginmode on page 110 Example None Related topics SM-NewPinSelect.thtml on page 124 SM-NewPinSystem.thtml Enables the user to create a system-generated PIN if the user selects the System PIN option in the SM-NewPinSelect.thtml page. SM-NewPinSystem-ppc.thtml 125 Juniper Networks Secure Access Administration Guide Object type Template Usage Optional Required variables secid_loginmode on page 110 Example None Related topics SM-NewPinSelect.thtml on page 124 SM-NewPinSystem-ppc.thtml Enables the user to create a system-generated PIN if the user selects the System PIN option in the SM-NewPinSelect-ppc.thtml page. Pocket PC version of SM- NewPinSystem.thtml on page 124. Object type Template Usage Optional Required variables secid_loginmode on page 110 Example None Related topics SM-NewPinSelect-ppc.thtml on page 124 SM-NewUserPin.thtml Prompts the user to create a new PIN if he selects the Enter PIN option in the SM- NewPinSelect.thtml page. Object type Template Usage Optional. Also determines if the two PINs entered by the user match and alerts the user if necessary. When configuring the secid_pinserr variable (which stores the error code and message that informs the user if he mis-entered his PIN), note that possible values include: Required variables secid_loginmode on page 110 Example None Related topics SM-NewPinSelect.thtml on page 124 Table 12: New PIN assignment messages Code Value 0 New PIN Assignment 1 The Two PINs Entered Do Not Match Juniper Networks Secure Access Administration Guide 126 SM-NewUserPin-ppc.thtml SM-NewUserPin-ppc.thtml Prompts the user to create a new PIN if he selects the Enter PIN option in the SM- NewPinSelect-ppc.thtml page. Object type Template Usage Optional. Also determines if the two PINs entered by the user match and alerts the user if necessary. When configuring the secid_pinserr variable (which stores the error code and message that informs the user if he mis-entered his PIN), note that possible values include: Required variables secid_loginmode on page 110 Example None Related topics SM-NewUserPin.thtml on page 125 SM-NextToken.thtml Prompts the user to verify his credentials by entering his SecureID token code. Object type Template Usage Optional. For information the JavaScript, form definitions, form fields, and variables contained in these templates, see comments in the templates. Required variables secid_loginmode on page 110 Example None Related topics SM-NewPinSelect.thtml on page 124 SM-NewPinSystem.thtml on page 124 SM-NextToken-ppc.thtml Prompts the user to verify his credentials by entering his SecureID token code. Pocket PC version of SM-NextToken.thtml on page 126. Table 13: New PIN assignment messages Code Value 0 New PIN Assignment 1 The Two PINs Entered Do Not Match NOTE: If you prohibit the use of System-generated PINS, you do not need to include SM-NewPinSelect.thtml and SM-NewPinSystem.thtml in the zip file that you upload to the IVE. softid_error 127 Juniper Networks Secure Access Administration Guide Object type Template Usage Optional. For information the JavaScript, form definitions, form fields, and variables contained in these templates, see comments in the templates. Required variables secid_loginmode on page 110 Example None Related topics SM-NewPinSelect-ppc.thtml on page 124 SM-NewPinSystem-ppc.thtml on page 125 softid_error Set if the ACE/SoftID authentication server returns errors. Object Type Template variable Included in GeneratePin.thtml (ACE/softID), LoginPage.thtml (ACE/softID), NewPin.thtml (ACE/softID), NextToken.thtml (ACE/softID) Usage Required Example The following code assigns any SoftID errors to a JavaScript variable: var error= "<% softid_error %>"; Related topics softid_time on page 127 softid_time Contains the ACE/SoftID authentication server time. Object Type Template variable Included in LoginPage.thtml (ACE/softID) Usage Required by authenticate() function. Example The following code assigns the ACE/SoftID time to a time variable: var time = <% softid_time %> ; Related topics LoginPage.thtml on page 68 NOTE: If you prohibit the use of System-generated PINs, you do not need to include SM-NewPinSelect-ppc.thtml and SM-NewPinSystem-ppc.thtml in the zip file that you upload to the IVE. Juniper Networks Secure Access Administration Guide 128 SSL.thtml SSL.thtml Displays an error if authentication fails and the user is not allowed to sign into the IVE. Object type Template Usage You must always include SSL.thtml in your zip file. This is a standard IVE page that displays an error if authentication fails or realm-level checks fail and the user is not allowed to sign into the IVE. This template does not contain any JavaScript or forms. However, it does contain error message variables. For more information, see comments in the template. Required variables None Example None Related topics SSL-ppc.thtml on page 128 SSL-ppc.thtml Displays an error if authentication fails or realm-level checks fail and the user is not allowed to sign into the IVE. Pocket PC version of template SSL.thtml on page 128. Object type Template Usage You must always include SSL.thtml in your zip file. This template does not contain any JavaScript or forms. However, it does contain error message variables. For more information, see comments in the template. Required variables None Example None Related topics SSL.thtml on page 128 Start_onclick() Initiates the proper applets when beginning a meeting session. Object Type JavaScript function Included in MeetingRun.thtml Usage Required Example The following code shows the Start_onclick() function: function Start_onclick() { if ( typeof(NeoterisSetup) != "undefined") { Start_onclick_java() 129 Juniper Networks Secure Access Administration Guide try { NeoterisSetup.startSession(); return 0; } catch (e) { return Start_onclick_applet(); } } else { return Start_onclick_applet(); } } Related topics MeetingRun.thtml on page 76 Start_onclick_java() Configures the session manager. Object Type JavaScript function Included in MeetingRun.thtml Usage Required. Called by various pages from which the user starts and stops meeting sessions. Example The following code illustrates how the function begins to configure the session manager: function Start_onclick_java() { var sOptions = "resizable=no,scrollbars=no,status,width=250,height=150"; var x,y; if (screen) { if ((screen.availWidth) && (screen.availHeight)) { x = screen.availWidth - 290; // 40 pixel slop y = screen.availHeight - 190; // 40 pixel slop sOptions += ",left=" + x + ",screenX=" + x + ",top=" + y + ",screenY=" + y; } } Related topics MeetingRun.thtml on page 76 start_status Status of the started Host Checker or Cache Cleaner instance. Object Type JavaScript variable Included in PleaseWait.thtml Usage Required. The return status equals 1 if a test of this variable fails. Example The following code shows how the getStatus function uses the start_status variable: Juniper Networks Secure Access Administration Guide 130 StartCC() function getStatus() { return start_status; } Related topics PleaseWait.thtml on page 97 StartCC() Enables the current user to start Cache Cleaner. Object Type JavaScript function Included in PleaseWait.thtml Usage Optional Example None Related topics PleaseWait.thtml on page 97 StartHC() Enables the current user to start Host Checker. Object Type JavaScript function Included in PleaseWait.thtml Usage Optional Example None Related topics PleaseWait.thtml on page 97 StartCC() on page 130 started Boolean indicating that a meeting instance has started. Object Type Template variable Included in MeetingSelect.thtml Usage Required Example The following code checks to see if meetings have started, and if so, populates the page with sign-in components corresponding to each meeting. <% IF rows %> startPageLink 131 Juniper Networks Secure Access Administration Guide <%FOREACH meeting = meetings%> <input type="button" value=" > "onclick= "self.location='/dana-na/meeting/<%signin%>login_meeting.cgi?mid=<%mid%> &occurrence=<%meeting.3%><%params%>'"> <% started %> <%meeting.0%> <%meeting.1%> <%meeting.2%> <% END %> <%END%> Related topics MeetingSelect.thtml on page 78 startPageLink Page Link for the Welcome Page. Object Type Template variable Included in GraceLoginUsed.thtml, GraceLoginUsed-ppc.thtml, PasswordExpiration.thtml, PasswordExpiration-ppc.thtml Usage Required. Must be added as an href link. Provides a link in the page, allowing user to navigate to the Welcome page. Example The following code shows this variable used as an href link: <a href="<% startPageLink %>">Click here to go to Welcome Page</a> Related topics GraceLoginUsed.thtml on page 57 PasswordExpiration.thtml on page 95 startSessionReDir Initiates a redirect on finding that a meeting applet needs to be installed. Object Type Template variable Included in MeetingAppletInstaller.thtml, MeetingTrouble.thtml Usage Required Example <PARAM NAME="StartSessionReDir" VALUE="<% startSessionReDir %>"> Related topics MeetingAppletInstaller.thtml on page 75 MeetingTrouble.thtml on page 80 Juniper Networks Secure Access Administration Guide 132 stopComponents() stopComponents() Performs a variety of shutdown checks and operations, shutting down Host Checker, Cache Cleaner, and Win32 applets, if necessary, when the end-user signs out. Object Type JavaScript function Included in Logout.thtml Usage Required Example <% IF (pleasewaitObjectCC || pleasewaitObjectHC || pleasewaitWin32) && delivery_mode == 'java'%> onload="javascript:stopComponents()" <%END%> Related topics delivery_mode on page 47 SubmitClicked() Saves or cancels a PIN per the users request. Object Type JavaScript function Included in GeneratePin.thtml, GeneratePin-ppc.thtml, NewPin.thtml, NewPin-ppc.thtml, NextToken.thtml, NextToken-ppc.thtml, SM-NewUserPin.thtml, SM-NewUserPin- ppc.thtml Usage Required. You must include this function in the header of GeneratePin.thtml. Example From GeneratePin.thtml: function SubmitClicked() { gCancelNewPinMode = false; return true; } From SM-NewUserPin.thtml: function SubmitClicked() { if (document.frmNewPin.password2.value != document.frmNewPin.password3.value) { alert("The Two PINs Entered Do Not Match"); document.frmNewPin.password2.focus(); return false; } } Related topics GeneratePin.thtml on page 55 NewPin.thtml on page 87 submitFrmCasque() 133 Juniper Networks Secure Access Administration Guide NextToken.thtml on page 88 SM-NewUserPin.thtml on page 125 submitFrmCasque() Initiates the download of the CASQUE RADIUS server. Object Type JavaScript function Included in Defender.thtml Usage Required if CASQUE RADIUS server is needed. Example The following code shows the action to initiate the CASQUE server: function submitFrmCasque() { document.frmCasque.action = "/dana-na/download/x.casque? url=/dana-na/auth/welcome.cgi"; document.frmCasque.submit(); } Related topics Defender.thtml on page 47 frmCasque on page 52 testjava_ini Boolean indicating whether or not the IVE needs to perform a compatibility check for Java. Object Type Template variable Included in MeetingTestJava.thtml Usage Required Example <APPLET <% testjava_ini FILTER verbatim %> <PARAM NAME="TestJavaApplet" VALUE="true"> <PARAM NAME="RedirectUrl" VALUE="/danana/meeting/<%signin%>meeting_testresult.cgi ?java=1&<%mid_param%>"> </APPLET> Related topics MeetingTestJava.thtml on page 78 textClose Default text for the Close button. Juniper Networks Secure Access Administration Guide 134 textContinue Object Type Template variable Included in Remediate.thtml, Remediate-ppc.thtml Usage Required. Used by the IVE to dynamically update the button name, depending upon the users activity. Example The following code changes the button to a Close button: <% IF showClose %> <input name="btnClose" type="button" value=" <% textClose %> " onClick="javascript:self.close()"> <% END %> Related topics textContinue on page 134 textRemedOption on page 134 textTryAgain on page 135 textContinue Default text for the Continue button. Object Type Template variable Included in Remediate.thtml, Remediate-ppc.thtml Usage Required. Used by the IVE to dynamically update the button name, depending upon the users activity. Example <% IF showContinue %> <input name="btnContinue" type="button" value="<% textContinue %>" onClick="Continue()"> <% END %> Related topics textClose on page 133 textRemedOption on page 134 textTryAgain on page 135 textRemedOption Default text for the Do not show remediation for this session button. Object Type Template variable Included in Remediate.thtml, Remediate-ppc.thtml Usage Required. Used by the IVE to dynamically update the button name, depending upon the users activity. textTryAgain 135 Juniper Networks Secure Access Administration Guide Example <% IF showRemedOption %> <input name="btnHideRemed" type="button" value="<% textRemedOption %>" onClick="HideRemed(); <% disabled %>"> <% HC_REMED_SHOW_ADV_PREFS %> <% END %> Related topics textClose on page 133 textContinue on page 134 textTryAgain on page 135 textTryAgain Default text for the Try Again button. Object Type Template variable Included in Remediate.thtml, Remediate-ppc.thtml Usage Required. Used by the IVE to dynamically update the button name, depending upon the users activity. Example <% IF showTryAgain %> <input name="btnTryAgain" type="button" value="<% textTryAgain %>" onClick="TryAgain()" <% disabled %>> <% END %> Related topics textClose on page 133 textContinue on page 134 textRemedOption on page 134 thankyou() Removes components and displays the login page after an end-user signs out. Object Type JavaScript function Included in Logout.thtml Usage Optional Example The function checks to see which application is being stopped and removed, then displays either an error or the sign-in page. function thankyou() { <%IF pleasewaitObjectHC %> removeBulb('hc'); Juniper Networks Secure Access Administration Guide 136 troubleshooting removeComponent('hc'); <%END%> <%IF pleasewaitObjectCC %> removeBulb('cc'); removeComponent('cc'); <%END%> document.getElementById('pleasewait1').innerHTML = "<% LoginPageErrorMessage FILTER verbatim%>"; document.getElementById('signindiv').innerHTML = "Click here to sign in again"; } Related topics setthankyou() on page 117 troubleshooting Contains the troubleshooting text string. Object Type Template variable Included in MeetingAppletInstaller.thtml, MeetingRunJava.thtml Usage Required Example The following code checks to see if there is a troubleshooting string. If yes, then it displays the text string, as is: <% IF troubleshooting %> <% troubleshooting FILTER verbatim %> <% END %> Related topics MeetingAppletInstaller.thtml on page 75 MeetingRunJava.thtml on page 77 TryAgain Submits the hidden form when the user clicks the Try Again button. Object Type JavaScript function Included in Remediate.thtml, Remediate-ppc.thtml Usage Required Example <% IF showTryAgain %> <input name="btnTryAgain" type="button" value="<% textTryAgain %>" onClick="TryAgain()" <% disabled %>> <% END %> Related topics showTryAgain on page 123 type 137 Juniper Networks Secure Access Administration Guide type Contains the type of client to use when running Meeting. Object Type Template variable Included in MeetingTrouble.thtml Usage Required. Allowable values are: activex java applet Example The following code checks to see if the type of client is ActiveX: <% IF type == 'activex' %> <OBJECT <% ini FILTER verbatim %> <PARAM NAME="StartSessionReDir" VALUE="<%startSessionReDir%>"> <PARAM NAME="UninstallReDir" VALUE="<%uninstallReDir%>"> <PARAM NAME="locale" VALUE="<%locale%>"> </OBJECT> <% END %> Related topics MeetingTrouble.thtml on page 80 tz_offset Contains the time zone offset. Object type HTML form field Included in LoginPage.thtml, LoginPage-ppc.thtml Usage Required. The Login() function uses the tz_offset (time zone offset) value to help determine the users time zone. Example The following code shows how the tz_offset field is used in an HTML form. <input type="hidden" name="tz_offset"> Related topics LoginPage.thtml on page 68 uninstall_action Indicates the type of action to take when having trouble launching a meeting instance. Juniper Networks Secure Access Administration Guide 138 Uninstall_applet() Object Type Template variable Included in MeetingTrouble.thtml Usage Required Example The following code illustrates the use of the uninstall_action variable: <% IF type == 'activex' || type == 'applet' %> If you encounter problems launching Secure Meeting, uninstall the version that is currently on your system. <input type="button" value="Uninstall" id=Uninstall name=button2 LANGUAGE=javascript onclick="<% uninstall_action %>"> After uninstalling, return to the "Join Meeting" page and click "Start Meeting" or "Join Meeting" to reinstall the latest Secure Meeting application.<br> <% END %> Related topics Uninstall_applet() on page 138 Uninstall_applet() Initiates the uninstallation of an applet. Object Type JavaScript function Included in MeetingTrouble.thtml Usage Required. Note that the first character is upper cased. Example The following code is the uninstall_applet() function: Uninstall_applet() { window.location = "/dana-na/meeting/meeting_appletuninstall.cgi? mid=<%mid%>&occurrence=<%occurrence%>&type=<%type%>"; return true; } Related topics MeetingTrouble.thtml on page 80 Uninstall_onclick() Initiates the uninstall script. Object Type JavaScript function Included in MeetingTrouble.thtml Usage Required. Note that the first character is upper cased. Example The following code is the uninstall_onclick() function: Uninstall_onclick() { if ( typeof(NeoterisSetup) != "undefined" ) { uninstallReDir 139 Juniper Networks Secure Access Administration Guide NeoterisSetup.uninstall(); return 1; } else { return 0; } } Related topics MeetingTrouble.thtml on page 80 uninstallReDir Contains the location of the page to go to on an uninstall. Object Type Template variable Included in MeetingAppletInstaller.thtml, MeetingTrouble.thtml Usage Required Example The following code assigns the uninstall redirect page to a form parameter: <PARAM NAME="UninstallReDir" VALUE="<% uninstallReDir %>"> Related topics MeetingAppletInstaller.thtml on page 75 MeetingTrouble.thtml on page 80 UninstallCC Indicates whether or not Cache Cleaner uninstall is enabled. Object Type Template variable Included in Logout.thtml Usage Required. Not to be confused with JavaScript variable uninstallcc. Example The following code checks to see that the Cache Cleaner uninstall is enabled. If yes, then the code sets the JavaScript uninstallcc variable to 1, which indicates that the system should uninstall if the JavaScript function stopCC() is running: <%IF uninstallCC %> uninstallcc = 1; <%END%> Related topics StartCC() on page 130 Juniper Networks Secure Access Administration Guide 140 upAndRunning() upAndRunning() Indicates whether or not Host Checker or Cache Cleaner are up and running after they are started. Object Type JavaScript function Included in PleaseWait.thtml Usage Optional Example None Related topics PleaseWait.thtml on page 97 username This field is required for all types of authentication servers except anonymous servers and certificate servers. Object type Template variable Included in LoginMeeting.thtml, MeetingAppletInstaller.thtml, MeetingRun.thtml Usage Required. As an example of usernames use, Login.cgi (a Perl script on the IVE) passes the username value to the appropriate authentication server. Example The following example shows the use of the username variable in a meeting sign-in sequence: <PARAM NAME="Parameter0" VALUE="meeting_id=<%instanceId%>;user_name=<% username %>; cert_md5=<%cert_md5%>;ncp_read_timeout=<%ncp_read_timeout%>"> Related topics password on page 92 warnings Contains meeting warnings. Object Type Template variable Included in MeetingRun.thtml Usage Required Example The following code is included in MeetingRun.thtml. You should not modify the code: <% warnings FILTER verbatim %> welcome 141 Juniper Networks Secure Access Administration Guide Related topics MeetingRun.thtml on page 76 welcome Contains the welcome message string. Object Type Template variable Default Value Welcome to the Included in LoginPage.thtml, LogoutPage.thtml, SSL.thtml, SecondaryLoginPage.thtml, Logout.thtml, Defender.thtml, ExceededConcurrent.thtml, GeneratePin.thtml, NewPin.thtml, NextToken.thtml, ShowSystemPin.thtml Usage Optional Example <form name="frmLogin" action=login.cgi method="POST" autocomplete=off onsubmit="return Login(<% setcookies %>)"> <input type="hidden" name="tz_offset"> <% welcome FILTER verbatim %> Related topics None win32 Indicates whether or not the client operating system is Windows. Object Type Template variable Included in Logout.thtml, MeetingTestJS.thtml Usage Required Example The following code checks to see if the operating system is Windows. If yes, the code loads redirects the page to a page to test the compatibility of Microsoft Java: function checkActiveX () { var win = <% win32 %>; try { NeoterisSetup.isValid(); document.form1.submit(); return true; } catch (e) { var url = win ? "/dana-na/meeting/ <%signin%>meeting_testmsjava.cgi? <%mid_param%>" : "/dana-na/meeting/<%signin%> meeting_testjava.cgi?<%mid_param%>"; document.location.replace(url); } } Related topics MeetingTestMSJava.thtml on page 79 Juniper Networks Secure Access Administration Guide 142 win32 1 Index Symbols ...........................................................................................6 A Accept-Language...............................................................32 Accept-Language header abbreviations .............................32 ActivePerl............................................................................5 AnonymousAuthentication variable, discussed..................37 AppConfig...........................................................................5 arithmetic operators, defined............................................13 authentication servers SiteMinder custom sign in pages..........................................50 B block directives, defined ...................................................13 bracket tokens ....................................................................6 C Cache Cleaner custom pages ................................................74, 97, 98 CALL directive, restriction .................................................14 Cancel.thtml, discussed ....................................................46 CASE directive, discussed..................................................13 CertificateAuthentication variable, discussed ....................43 conditional operators, discussed .......................................13 conditional test, creating ..................................................13 custom help files.................................................................4 custom sign-in pages ........................................................31 localizing ...................................................................31 Cygwin ...............................................................................5 D Defender.thtml, discussed.................................................47 directive, defined................................................................8 E ELSIF directives, discussed................................................13 END directive, discussed...................................................13 errors modifying..................................................................70 eTrust SiteMinder................................................................2 ExceededConcurrent.thtml, discussed ........................48, 49 F FILTER directive, restriction ..............................................14 FinishLoad() function, discussed.......................................50 FOREACH loop, discussed ................................................14 G GeneratePin.thtml, discussed............................................55 GET directive, discussed......................................................9 GetCookieValue(sName) function, discussed .....................56 getTimezoneOffset() function, discussed...........................67 GraceLoginUsed.thtml, discussed......................................57 H Home variable, discussed..................................................62 Host Checker custom pages.................................................74, 97, 98 I IF directive, discussed.......................................................13 INCLUDE.............................................................................9 INSERT................................................................................9 internationalization...........................................................31 INTERPOLATE directive, restriction...................................14 J J-SAM See Secure Application Manager, J-SAM K keyboard.js .......................................................................64 keyboard-based login..........................................................2 Kiosk.zip.............................................................................2 Kiosk.zip, discussed..........................................................34 L languages..........................................................................31 Linux ..................................................................................5 localization........................................................................31 Login() function, discussed................................................67 Login.cgi, discussed ........................................................140 LoginPage.thtml, customizing .....................................68, 69 LoginPage.thtml, discussed .........................................68, 69 LoginPageErrorCode .........................................................70 LoginPageErrorCode variable, discussed .....................73, 74 LoginPageErrorMessage variable, discussed ..........71, 72, 74 Logout.thtml, discussed ..............................................73, 75 M Mac OS X............................................................................5 mathematical operators, defined.......................................13 Meeting.zip.........................................................................2 N NewPin.thtml, discussed.............................................87, 88 NextToken.thtml, discussed ........................................88, 89 P PasswordChange.thtml, discussed...............................93, 94 PasswordExpiration.thtml, discussed ................................95 Perl AppConfig....................................................................5 Custom Sign-in Pages Solution Guide 2 PERL directive, restriction................................................. 14 Pocket PC custom sign in pages............................................. 2, 17 PROCESS........................................................................ 8, 9 R RAWPERL directive, restriction ......................................... 14 RealmList variable, discussed ......................................... 103 recallLastRealmUsed() function, discussed...................... 104 RSA Soft ID client ............................................................... 2 RSA SoftID client, custom pages ....................................... 34 S sample templates downloading ............................................................... 6 Sample.zip.......................................................................... 2 samples.zip, discussed...................................................... 16 secid_pinselectmode variable, discussed .................... 87, 88 secid_pinserr variable, discussed................................ 87, 88 Secure Application Manager J-SAM custom pages..................................................... 74 SelectRole.thtml, discussed............................................. 115 SET directive, discussed...................................................... 9 SetLastRealm(sValue) function, discussed ....................... 116 ShowSystemPin.thtml, discussed.................................... 122 sign-in page, customizing ........................................... 68, 69 SM-NewPinSelect.thtml, discussed.................................. 124 SM-NewPinSystem.thtml, discussed ............................... 124 SM-NewUserPin.thtml, discussed.................................... 125 SM-NextToken.thtml, discussed...................................... 126 SoftID.zip ........................................................................... 2 SoftID.zip, discussed ........................................................ 34 SSL.thtml, discussed....................................................... 128 SWITCH directive, discussed............................................. 13 T TAGS directive, restriction ................................................. 14 template comments ........................................................... 9 Template Toolkit ................................................................. 4 Template Toolkit documentation......................................... 9 template toolkit language, discussed................................... 7 template variable LoginPageErrorCode.................................................. 70 thtml files ......................................................................... 32 tpage .................................................................................. 6 ttree.................................................................................... 6 tz _offset variable, discussed........................................... 137 tz_offset variable, discussed.............................................. 67 U USE directive, restriction................................................... 14 W WHILE loop, discussed ..................................................... 14 Windows ............................................................................ 5