The files seem to have been moved, can you update with new lcoation if you know it? Thanks   ... View more

when using the IVE as an ientity provider only, does it count against your councurrent user logins? ... View more

Could you provide more documentation on the Customized Variables please.?, like , can the REGMATCH macro be used just like the regmatch() function in Perl?, can this be usued at the role level foristance to customize re-write rules, say you wanted to selectively re-write certain functuions on a page and not other via pattern matching with REGMATCH...... PS: you guys have a greate product but your documentation for advanced options is seriously lacking. ... View more

I believe those iOS custom pages have been depricated and are not to be used beyond 7.0, I think.....I had a case some time ago with JTAC and thats what was comunicated to me...you should use the regular custom pages to cutomize, ... View more

I have SCEP/NDES running in my enviroment to automate certificate enrollment for iPads, this all works great to a point, I can create a profile in the IPCU, set all the required settings including SCEP enrollmenent settings, export the config file and and run it on an ipad....it installs fine, including enrolling for a cert via SCEP...............but there're gaps I have run into and hope someone has solved this. 1. The SCEP enrollment cerrtificate templates have to be of subject type = Computer and not User, the IVE fails to authenticate with a client cert that is of subject type = Computer, if I manually create a client certificate of subject type =User, the IVE authenticates it just fine... is this a Juniper bug??? 2. My deploment stategy for the configurations files was to drop them into user's personal share drives, we have these published via the re-write engine for all our users already, so they would simply navigate there via Safari on their iPad and downlaod the config file........what I have run into is that when the iPad installer runs through its installation and comes to the SCEP part, the call to the SCEP server is done in a very wierd manner that I still dont get, I have tried to change the SCEP server url in the IPCU section to an IVE re-written form like https://ACMEIVE.com/CertSrv/mscep/,DanaInfo=machine1.example.com,SSO=U+mscep.dll ........the install fails with error "This SCEP server configuration is not supported" It almost seems as it the installer is expecting a Layer 3 network connection to already exist for it to make a call to the SCEP server. Now, I have other ssl vpn profiles on the iPad that I'm testing from, if I launch one of them and make a vpn connection, the profle installation complets fine, together with the SCEP enrollment.....I can see the certificate in the isntalled profile and TCPDUMP shows the SCEP conversation via http Obviously, the desired case would be to be able to have the iPad installer make the SCEP call via the rewrite engine or via an internet facing SCEP server somehow.... ... View more

Just an FYI...if you need to use client ssl auth with junos pulse client and pulse on the IVE, you need to bind an SSL cert on the external and internal interfaces of the IVE, this does not apply to junos client and network connect on the IVE side, here is an explanation from JTAC below, "Regarding the reason why both interface require cert, the cert is required on the internal interface due to restriction in the TTLS plug-in. The TTLS plug-in only creates one instance of the SSL context and the cert for this context is defaulted to the internal interface. This connection will only be used during authentication and not after the connection has been created. The cert is required on the external interface because the secure connection is established on the external interface. There is no connection from the client to the internal interface on an SA. ... View more

What we have done is have RSA as your primary auth and have AD as your secondary auth server, configure the ive to read of the SamAccountName from AD at login, on you custom login pages, use the <password2> variable for your AD account password field, ... View more

I have the same issue too, I know my cert is good cause when I switch the vpn client to network connect on the same role, it connects just fine, switch it back to pulse client and same error ... View more

How did you map this to your role mapping cert attribute ? ... View more

Hello.. Did you ever find help materials on this?, I'm trying to implement the same thing..Thx ... View more

We have used the passwordExpiration.thtml to notify users that their password is about to expire in the past, but there is no functionality to link the user from there to the PasswordChange.thtml to enable the user to change the password at that point if they so choose, seems rather silly that you would warn the user that the password is about to expire and not give them the option to do so. Over the years I have braught this up with Juniper to no avail, the only thing they kept suggesting was to send the user to the default ive bookmarks console to do it there, well thats why I use custom pages because I do not expose the bookmark console to my users, If any one has figured this out, please let me know, Thx ... View more

You have to add this param to your settings, <param name="geometry" value="1024x768"> ... View more

Has anyone had any luck getting Citrix to work with ProperJavaRDP ?, my plain vanila terminal services works just fine, actually works great, my Mac users love it, but when I use it to publish Citrix, it throws all kind of errors about certain class files and property files that it cant find in the jar files.......I looked in the java-getopt-1.0.11.jar and sure enough it doesnt have the US English class and proptery files, I downloaded the latest version,java-getopt-1.0.13, it doesnt have them either.......so why is the IVE JVM looking for this files???, why doesnt it just load the default class and property files instead??, is this a bug??......or did a Juniper developer screw up the JVM property file...Ghrrrrrr, wish they would give us access to this stuff so we can fix it ourselves. For log4j-java1.1.jar.....The IVE JVM is looking for log4j.properties and log4j.xml in the wrong Package Path, its looking at \ instead of \org\apache\log4j......another Juniper developer screw up again, I guess.... WEB24302 2009-09-25 15:33:20 - ive - [xxxxxxxx] Root::xxxxxxxx[Users] - Applet file '/dana-cached/webapplets/vc0/rewritten/applet_0/gnu/getopt/MessagesBundle_en_US.properties' is not found. Info WEB24302 2009-09-25 15:33:20 - ive - [xxxxxxxx] Root::xxxxxxxx[Users] - Applet file '/dana-cached/webapplets/vc0/rewritten/applet_0/gnu/getopt/MessagesBundle_en_US.properties' is not found. Info WEB24302 2009-09-25 15:33:20 - ive - [xxxxxxxx] Root::xxxxxxxx[Users] - Applet file '/dana-cached/webapplets/vc0/rewritten/applet_0/gnu/getopt/MessagesBundle_en_US.class' is not found. Info WEB24302 2009-09-25 15:33:20 - ive - [xxxxxxxx] Root::xxxxxxxx[Users] - Applet file '/dana-cached/webapplets/vc0/rewritten/applet_0/gnu/getopt/MessagesBundle_en_US.class' is not found. Info WEB24302 2009-09-25 15:33:20 - ive - [xxxxxxxx] Root::xxxxxxxx[Users] - Applet file '/dana-cached/webapplets/vc0/rewritten/applet_0/gnu/getopt/MessagesBundle_en.properties' is not found. Info WEB24302 2009-09-25 15:33:20 - ive - [xxxxxxxx] Root::xxxxxxxx[Users] - Applet file '/dana-cached/webapplets/vc0/rewritten/applet_0/gnu/getopt/MessagesBundle_en.properties' is not found. Info WEB24302 2009-09-25 15:33:20 - ive - [xxxxxxxx] Root::xxxxxxxx[Users] - Applet file '/dana-cached/webapplets/vc0/rewritten/applet_0/gnu/getopt/MessagesBundle_en.class' is not found. Info WEB24302 2009-09-25 15:33:20 - ive - [xxxxxxxx] Root::xxxxxxxx[Users] - Applet file '/dana-cached/webapplets/vc0/rewritten/applet_0/gnu/getopt/MessagesBundle_en.class' is not found. Info WEB24302 2009-09-25 15:33:20 - ive - [xxxxxxxx] Root::xxxxxxxx[Users] - Applet file '/dana-cached/webapplets/vc0/rewritten/applet_0/gnu/getopt/MessagesBundle.class' is not found. Info WEB24302 2009-09-25 15:33:20 - ive - [xxxxxxxx] Root::xxxxxxxx[Users] - Applet file '/dana-cached/webapplets/vc0/rewritten/applet_0/gnu/getopt/MessagesBundle.class' is not found. Info WEB24302 2009-09-25 15:33:20 - ive - [xxxxxxxx] Root::xxxxxxxx[Users] - Applet file '/dana-cached/webapplets/vc0/rewritten/applet_0/log4j.properties' is not found. Info WEB24302 2009-09-25 15:33:20 - ive - [xxxxxxxx] Root::xxxxxxxx[Users] - Applet file '/dana-cached/webapplets/vc0/rewritten/applet_0/log4j.properties' is not found. Info WEB24302 2009-09-25 15:33:20 - ive - [xxxxxxxx] Root::xxxxxxxx[Users] - Applet file '/dana-cached/webapplets/vc0/rewritten/applet_0/log4j.properties' is not found. Info WEB24302 2009-09-25 15:33:20 - ive - [xxxxxxxx] Root::xxxxxxxx[Users] - Applet file '/dana-cached/webapplets/vc0/rewritten/applet_0/log4j.properties' is not found. Info WEB24302 2009-09-25 15:33:20 - ive - [xxxxxxxx] Root::xxxxxxxx[Users] - Applet file '/dana-cached/webapplets/vc0/rewritten/applet_0/log4j.xml' is not found. Info WEB24302 2009-09-25 15:33:20 - ive - [xxxxxxxx] Root::xxxxxxxx[Users] - Applet file '/dana-cached/webapplets/vc0/rewritten/applet_0/log4j.xml' is not found. Info WEB24302 2009-09-25 15:33:20 - ive - [xxxxxxxx] Root::xxxxxxxx[Users] - Applet file '/dana-cached/webapplets/vc0/rewritten/applet_0/log4j.xml' is not found. Info WEB24302 2009-09-25 15:33:20 - ive - [xxxxxxxx] Root::xxxxxxxx[Users] - Applet file '/dana-cached/webapplets/vc0/rewritten/applet_0/log4j.xml' is not found. Info WEB23656 2009-09-25 Message Edited by morpheuss on 09-25-2009 01:26 PM ... View more

Thanks for the response, I believe the issue you're referencing is only particular to Win2003 AD, I have AD 2000, I do have keberos and NTLM enabled for backwards compatability, What I find interesting is that the attribute is updated only when you input an incorrect password. ... View more

I was not impressed at all with this book, way too basic, I expected something more indepth, like advanced custom login pages, custom attribute usage, etc. I returned mine to Amazon and got my money back ... View more

I have been able to resolve this in the past by forcing a purge of all juniper temp files on the client side at login, seems to happen a lot after an upgrade or importing a config from back up. ... View more