Forum Discussion
David_G__33241
Nimbostratus
NimbostratusCustom Deny Ending in Access Policy
When you create a custom ending in an access policy, it is pretty straight forward to change the messages that appear on the screen. This can be done directly in the VPE under "Edit Endings;Customization or in Advanced Customization. Using either method, you can change the session denied message from
this: to this:
(Just added the ***** to show what can be modified)
My scenario is that the user has just clicked on an embedded link in an email that launches the Edge Client on an iPad. This takes him to vpn.company.com/register where the access policy will grab the UDID from his iPad (which requires the use of the Edge Client), ask him to authenticate with SecurID so that we know who he is, and then the information is automatically emailed to an internal support person via the email event in the access policy. Once this is done, the user is presented with a VPE message informing him what will happen next, and then the session is denied. I do not want the user to see the standard "denied" message which tells him absolutely nothing useful. It also presents him with a "click here" link which will push him back to the main URL and he will not be able to logon since his registration has not yet been processed.
My question is, how do I get rid of the last line completely? Ideally I would like to get rid of the session reference number line as well. I have looked through my.acl.inc, logout.inc, header.inc, apm*.css, etc. but the code that displays this is not jumping off the page at me.
Could someone point me in the right direction?
Thanks,
David
APM 11.5.1 HF7
Have you tried replacing the text that you don't want to display?
For instance, under Advanced Customization -> Localization (tab) -> Customization Settings -> Access Profiles -> {Access Profile Name} -> Access Policy -> Ending Pages -> Deny -> General, replace the New Session Text and New Session Link with something that will leave blank space - like a
.
matt_64003Cirrus
Have you tried replacing the text that you don't want to display?
For instance, under Advanced Customization -> Localization (tab) -> Customization Settings -> Access Profiles -> {Access Profile Name} -> Access Policy -> Ending Pages -> Deny -> General, replace the New Session Text and New Session Link with something that will leave blank space - like a
.
David_G__33241Matt - I never thought of that - it works great. I have to say I'm surprised that a link could be replaced with abut this does completely blank the session link and text. It would still be handy to locate the code because there is no way to do the same for the session reference number although it is not the end of the world.
Michael_JenkinsCirrostratus
Along the same lines at @matt mentioned, you can actually edit the PHP code for the deny page in the Advanced Customization page. If you change the Edit Mode to Advanced and then drill down to the deny page (Access Profiles >> (Profile Name) >> Access Policy >> Ending Pages >> Deny). Not sure if it would be the logout.inc or the my.acl.inc (i think it's the latter) that you'd want to change, but you can edit the page code there, adding or removing whatever you want.
With this method, you can remove the whole section about the session id in the page.
David_GillI had originally tried changing some instances of "visible" to "hidden" but this did not work. I later commented out the actual code and this did work. The code in question was:
document.getElementById("sessionDIV").innerHTML = ' %[session_id_caption] ' + display_session + ' '; document.getElementById("sessionDIV").style.visibility = "visible";This is from logout.inc.
By the way it is worth noting that this is a custom ending therefore it is not the original logout.inc that is being modified. I would not change that one.
Case closed. Thanks, folks!