All Topics » Pulse Connect Secure



variable not working with UPN name and HTML5 RDP


hutchingsp
Contributor (1)
Oct 25, 2017 4:39pm
I have an HTML5 RDP resource setup using as the username.

I also have traditional TS resources setup using as the username.

If I login to our PSA as "Joe Bloggs" both options work.

If I login to our PSA as "joe@domain.com" i.e. using the users UPN name I can access the TS bookmark but not the HTML5 one, it refuses to authenticate and the security log on the RDS box shows an invalid username/password event for joe@domain.com.

If I login to the RDS box directly as joe@domain.com I can do so.

Of course just to confirm the passwords are correct as this is all doing domain auth so I wouldn't get onto the PSA unless I were using correct domain creds :)

Would anyone have any ideas before I open a ticket please?



hutchingsp
Contributor (1)
Oct 25, 2017 4:40pm
OK so it seems to be stripping off the piece where I said that I'm using "" as the username variable for both?!
    hutchingsp
    Contributor (1)
    Oct 25, 2017 4:41pm
    USER enclosed in less than and greater than quotes - the forum is stripping it.
    hutchingsp
    Contributor (1)
    Oct 26, 2017 6:47pm
    I don't seem able to reply at the level of your reply :)

    These are static bookmarks. If it's just a case of it's not supported but is being developed (hopefully) we can live with that, I guess I just thought the HTML5 would work with exactly the same variables as the generic TS.

    Odd thing is if I look at the RDS box security logs it does seem to log a bad username/password event and appears to show the correct username in UPN format, but the bookmark is clearly passing the correct password as I can get in with the "Joe Bloggs" username format if that makes sense.
zanyterp
Pulse Secure Contributor (40)
Oct 26, 2017 12:35pm
What version of software are you using?
HTML5 did not support variables for the password until 8.2R7; and password[ 2 ] (hopefully i "escaped" sufficiently for the value to show")until 8.3R3.
    hutchingsp
    Contributor (1)
    Oct 26, 2017 1:09pm
    I give up on how to escape things :)

    We're on 8.2R8.1 (build 57583) and this is what is in the resource bookmark and works using "Joe Bloggs" as the IVE logon name.

    https://imgur.com/a/wmSNg
    zanyterp
    Pulse Secure Contributor (40)
    Oct 26, 2017 1:40pm
    Thank you; can you try userAttr.upn (or whatever you see is the UPN variable listed when you do the policy trace?
    hutchingsp
    Contributor (1)
    Oct 26, 2017 2:10pm
    Thanks, thing is we want people to be able to use either ideally.

    So some people logon IVE as "joe bloggs" some sign on as "joe@domain.local" and either is passed through to HTML5.

    Odd that it works fine with the regular TS bookmarks?
    zanyterp
    Pulse Secure Contributor (40)
    Oct 26, 2017 5:03pm
    Unfortunately, HTML5 did not have the variable/attribute support built-in initially and has been added slowly
    Are these user-created bookmarks or ones that you are creating as the admin?