Applies To:

Show Versions Show Versions

Manual Chapter: Customizing Access Policy Manager Features
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

15 
Setting up access profile customization
In an access profile you can customize the logon page components, as well as many other aspects of logon page behavior. You can customize access profile settings to provide users with a more branded or localized experience for the logon page and for error messages.
Note: If you customize messages, you must customize the same messages separately for each accepted language. Otherwise, default messages will appear for any accepted language for which you have not customized messages. It is recommended that if you customize messages for a specific accepted language, you remove all other languages from the accepted language list. You can add and remove languages from the accepted language list in the access profile.
1.
On the Main tab of the navigation pane, expand Access Policy, then click Access Profiles.
The Access Profiles Profile List screen opens.
2.
Click the name of the profile to customize.
The Access Profiles Properties screen opens.
3.
Click the Customization tab.
The Access Profile Customization screen opens.
4.
Under Customization Lookup, from the Customization Type list, select the element you want to customize.
5.
From the Language list, select the language for which you want to customize the access profile.
6.
Click the Find Customization button.
The screen refreshes to show the selected customization information.
8.
To restore the default setting for a customization, click the Restore button next to the setting. To restore all defaults for a customization category, click the Restore All Defaults button.
9.
Click Update.
You can customize the endpoint security messages that appear when the client or browser processes endpoint security checks. To display endpoint security messages on the Customization page, from the Customization Type list select eps, from the Language list select the language for which you want to customize messages, then click Find Customization.
Specifies the message displayed while the Windows machine certificate check action is checking the system.
Specifies the message displayed while the Protected Workspace action is starting the protected workspace.
Specifies the message displayed on the client when protected workspace resumes the logon procedure after starting.
Windows Protected Workspace continuing: extended message
Specifies the message displayed when the protected workspace starts, and the system requires some time to display the protected workspace.
Specifies the message displayed when browser settings have changed, and the user must open a new browser window to continue.
Specifies the messages displayed when client-side security checks fail. You can specify link text to cancel and link text to continue. The continue link allows the client to continue on the fallback branch.
Specifies the message displayed when the cache and session control ActiveX control is loading and the user may be prompted to allow cache and session control installation.
Specifies the text displayed when the client requires ActiveX to start the cache and session control plug-in, and ActiveX is not available or enabled.
Specifies the message displayed when a popup blocker is enabled. The message includes information on how to allow popups from the BIG-IP device.
Note: We recommend that you use an HTML editor to edit the HTML code for this box. The code appears unformatted and without line breaks in the box.
Specifies the message displayed when the cache and session control plug-in fails to start. The message includes information on possible causes.
Note: We recommend that you use an HTML editor to edit the HTML code for this box. The code appears unformatted and without line breaks in the box.
Specifies the text displayed while the cache and session control plug-in starts.
Note: We recommend that you use an HTML editor to edit the HTML code for this box. The code appears unformatted and without line breaks in the box.
You can customize the error messages that appear when the client or browser encounters errors while processing the logon page or running access policy sessions. To display error messages on the Customization page, from the Customization Type list select errormap, then from the Language list select the language for which you want to customize error messages, and then click Find Customization.
Specifies the error displayed when the resource cannot be assigned because the limit on the number of sessions has been reached.
Specifies the text displayed when the RADIUS user name or password is incorrect, and includes the error message from the RADIUS component.
Specifies the text displayed when a RADIUS challenge fails, and includes the error message from the RADIUS component.
Specifies the text displayed when the LDAP user name or password is incorrect, and includes the error message from the LDAP component.
Specifies the text displayed when the Active Directory user name or password is incorrect, and includes the error message from the Active Directory component.
Specifies the text displayed when the Active Directory password has expired, and includes the error message from the Active Directory component.
Specifies the text displayed when the attempt to change the Active Directory password failed, and includes the error message from the Active Directory component.
Specifies the text displayed when the RSA SecurID logon or password is incorrect, and includes the error message from the SecurID component.
ActiveX is not allowed or unsupported
Specifies the error displayed when the access policy attempts to load an ActiveX control in Microsoft Internet Explorer, and ActiveX is not enabled.
Installation failure
Specifies the error displayed when installation of a browser component fails.
Specifies the error text displayed when a resource assign action is configured to assign a web application webtop with a network access resource. Webtop and resource types must match.
Specifies the error text displayed when a resource assign action is configured to assign a network access webtop with a web application resource.
Specifies the error text displayed when a network access webtop is configured with no network access resource. Webtop and resource types must match.
Network Access and Web Application resources assigned
Specifies the error text displayed when both network access and web applications resources are assigned to an access policy branch.
Web Application resources have inconsistent patching methods
Specifies the error text displayed when multiple web applications are assigned to an access policy branch, with different patching methods. All web application resources assigned to an access policy branch must use the same patching method.
Specifies the error text displayed when web application resources configured in Minimal Patching mode contain inconsistent host replace strings.
Unknown error
Specifies the text displayed when an unknown error occurs.
You can customize the layout and content of components that appear on the logon page when the access policy is starting, by customizing the framework installation. To display the framework installation content on the Customization page, from the Customization Type list select framework installation, from the Language list select the language for which you want to customize the framework, then click Find Customization.
Note: We recommend that you use an HTML editor to edit the HTML code for the framework installation. The code appears unformatted and without line breaks in the boxes.
Specifies the page text and links that prompt a user to install a new ActiveX browser component. This screen appears for Windows Internet Explorer users only.
Browser plugin install with manual install options screen
Specifies the page text and links that prompt a user to install a new browser plug-in component. This screen provides manual download and installation options. This screen appears for most operating systems and browsers.
Browser plug-in install with manual install options screen (Linux)
Specifies the page text and links that prompt a user to install a new browser plug-in component. This screen provides manual download and installation options. This screen appears for Linux operating systems and browsers.
Specifies the page text and links displayed when the user's browser does not currently allow software installation. This page contains information about how to enable software installation, and links to continue to install plug-ins or to continue without installing the browser plug-ins.
Specifies the page text and links displayed when the user's browser does not currently allow software installation.This page contains information about how to enable software installation, and links to continue to install plug-ins or to continue without installing the browser plug-ins. This screen appears for Linux operating systems and browsers.
Specifies the text that appears on a page with a Java applet to install a new browser plugin. This page appears only on non-Windows systems.
Specifies the page text and links that appear when the Java applet is installing software. This page appears only on non-Windows systems.
Specifies the page text and links that appear when the Java applet is installing software. This page appears only on Macintosh systems with the Safari web browser.
Specifies the page text and links that appear when the installation of software with a Java applet fails. This page allows the user options to restart the session, download and manually install the software, or continue without installing software. This page appears only on non-Windows systems.
You can customize the styles (CSS) for the logon page. To display these elements on the Customization page, from the Customization Type list select general_ui, from the Language list select the language for which you want to customize the framework, then click Find Customization.
Specifies the background color of the page, in hexadecimal format. For example, red is #FF0000. The default is white (#FFFFF).
Specifies the font family, for example, Arial, Helvetica, sans-serif.
Specifies the background color of the page header area, in hexadecimal format. For example, red is #FF0000. The default is white (#FFFFFF).
Specifies the image that is displayed on the left side of the header. Click Browse to select a local file. Click the View/Hide link to show or hide the specified graphical element.
Specifies the image that is displayed on the right side of the header. Click Browse to select a local file. Click the View/Hide link to show or hide the specified graphical element.
Footer font size (px) - Specifies the text size for the footer text, in pixels. For example, 12px.
Footer text - Specifies the text message in the form footer.
Specifies the background color of the main table, which includes the logon form and image cells. This color is specified in hexadecimal format. For example, red is #FF0000. The default is white (#FFFFFF).
Specifies the width of the table cell allotted for the logon form, in pixels or as a percentage. For example, 50% or 350px.
Note that page width as a whole, of which this value is a portion, is defined with the Page Width setting.
Specifies the width of the table cell allotted for the logon page image, in pixels or as a percentage. For example, 50% or 350px.
Note that page width as a whole, of which this value is a portion, is defined with the Page Width setting.
- Specifies the default image displayed when a logon page is returned to the user. Click Browse to select an image. Click the View/Hide link to show or hide the specified graphical element.
The initial logon page image is not specified here. You can specify the initial logon page image in the logon page action in the access policy.
Specifies the height of the logon form, in pixels, as a percentage of the logon form cell, or automatically, based on the contents of the cell. For example, 600px, 50%, or auto.
Specifies the background color of the logon form, in hexadecimal format. For example, red is #FF0000. The default is light gray (#EEEEEE).
You can customize logout components. Logout components are messages that are displayed when a user cannot log on because of an access policy error, or when the user logs off successfully. These messages can be customized with logout customization. Options for customizing logout messages include text for several purposes:
Table 15.14 Logout components
Provides a more specific error message that follows the error title, which indicates that a problem may have occurred during access policy evaluation.
Specifies the text label for the hypertext link to start a new session, such as click here. This link follows the New Session Text.
Specifies the message displayed when the user attempts to access a page to which access is specifically denied by an access control list.
You can customize the appearance of a webtop, including the language of the webtop, the layout of the webtop screen, the messages displayed when starting and closing the connection, and any error messages.
A webtop must be assigned to an access profile to see and customize the webtop for the languages assigned to the access profile. If you customize a webtop that is not assigned to any access profile, you can customize the default set of languages only.
1.
On the Main tab of the navigation pane, expand Access Policy, then click Webtops.
The Webtop List screen opens.
2.
Click the name of the webtop to customize.
The Webtop Properties screen appears.
3.
Click the Customization tab.
The Webtop Customization screen appears.
4.
From the Language list, select the language for which you want to customize settings.
5.
Click the Find Customization button.
The screen displays customization settings.
Specifies the code that creates the main logon form. We recommend that you edit this code in an HTML editor to make the layout easier to view. The main logon form is created from dynamic elements that you can configure on this screen.
Do not add manual line breaks to the webtop form; this causes errors. Use the <br> tag to add a line break to the code.
Specifies the code that creates a local credentials request screen. This is required for Linux systems only. We recommend that you edit this code in an HTML editor to make the layout easier to view.
Do not add manual line breaks to the webtop form; this causes errors. Use the <br> tag to add a line break to the code.
Specifies the message displayed when an error occurs, and the connection is dropped. Check the log files for more specific information.
Routing table change caused disconnect error message
Specifies the error displayed when a change to the client routing table causes the session to stop and the client to be disconnected.
Specifies the message displayed when an internal client error occurs and causes the network access session to fail. Check the log files for more specific information.
Specifies the error message displayed when an error occurs on the server, and causes the session to fail. Check the log files for more specific information.
F5 plug-in not installed or incompatible plug-in error message
Specifies the error message displayed when the F5 plug-in is not installed or is incompatible with the current server. This error occurs on Macintosh and Linux clients only.
Specifies the message displayed when a newer version of the BIG-IP® Edge Client® plugin is available for download from the server.
Specifies the message displayed when the secure connection is stopped by the client. Check the log files for more specific information.
Specifies the error message displayed when the client cannot make a connection to the server. Check the log files for more specific information.
Specifies the error message displayed when the pppd daemon cannot start. This error occurs on Macintosh and Linux clients only.
Installation error pppd daemon not found in /usr/sbin directory (mac/linux)
Specifies the error message displayed when the pppd daemon cannot start. This error occurs on Macintosh and Linux clients only.
Logout link - Specifies the link text on the webtop screen that the user clicks to log out.
Relaunch applications link - Specifies the link text on the webtop screen that the user clicks to restart the applications that are defined in the network access launch applications section.
New session text - Specifies the text that precedes the new session link.
New session link - Specifies the link text on the webtop screen that the user clicks to start a new session.
Web application timeouts cause special behavior on the web application webtop screen. When the session reaches the session timeout guard time, Access Policy Manager displays a session timeout warning, and dims the screen behind the warning. Depending on the type of timeout, the user sees different choices. You can use the following options to customize and configure session timeout options.
Specifies the hexadecimal color value of the background that appears behind the session timeout warning pop-up screen, when the timeout occurs because the session is inactive.
Specifies the hexadecimal color value of the background that appears behind the session timeout warning pop-up screen, when the timeout occurs because the session has reached the maximum timeout.
Specifies the message presented above the user actions that are available in the inactivity timeout and maximum timeout pop-up screens.
Specifies the link text presented in the inactivity timeout pop-up screen that the user clicks to continue the session.
Specifies the link text presented in the maximum session timeout pop-up screen that the user clicks to return to the session.
Session timeout return to session without further maximum timeout reminders link
Specifies the link text presented in the maximum session timeout pop-up screen that the user clicks to return to the session and turn off any further session expiration warnings.
Specifies the link text presented in both the maximum session timeout and inactivity timeout pop-up screens that the user clicks to end the session.
Specifies the text that precedes the amount of time until the session expires in both session timeout pop-up screens.
Specifies the text heading on the session timeout warning pop-up screen, when the timeout occurs because the session is idle.
Specifies the text heading on the session timeout warning pop-up screen, when the timeout occurs because the maximum duration for the session has been reached.
Web applications connections include an optional hometab, which provides buttons and links for working with web applications and a URL bar. You can customize and configure the hometab with the following options.
Specifies the background image used on the hometab. This image is tiled on the hometab. Click the View/Hide link to show or hide the specified graphical element.
Specifies the background image used on the left and right sides of the hometab. Click the View/Hide link to show or hide the specified graphical element.
Specifies the image used to reduce the hometab. Click the View/Hide link to show or hide the specified graphical element.
Specifies the image that represents the hometab when it is reduced. Click the View/Hide link to show or hide the specified graphical element.
Specifies the image that is used to separate elements on the hometab. Click the View/Hide link to show or hide the specified graphical element.
Specifies the image that the user clicks to open the specified URL in the current window. Click the View/Hide link to show or hide the specified graphical element.
Specifies the image that the user clicks to open the specified URL in a new window. Click the View/Hide link to show or hide the specified graphical element.
Specifies the image for the link that the user clicks to go to the web applications home screen. Click the View/Hide link to show or hide the specified graphical element.
Specifies the image for the link that the user clicks to log out of the web applications connection. Click the View/Hide link to show or hide the specified graphical element.
This is a comma-separated list of all the elements displayed on the hometab. The hometab is arranged in the order in which you specify these elements. Elements can be used more than once. The default specification is:
In a connectivity profile, you can customize the appearance of the BIG-IP® Edge Client® and the web client. The settings you specify are saved with the connectivity profile, and applied when you and your users download the client package.
1.
On the Main tab of the navigation pane, expand Access Policy, and click Connectivity Profiles.
The Connectivity Profiles list screen opens.
3.
Click Client Customization.
The Client Customization screen opens.
4.
From the Language list, select the language for which you want to customize settings.
5.
Click the Find Customization button.
The screen displays customization settings.
6.
Configure customization settings for the client.
You can restore any setting to its default by clicking the Restore button next to the setting.
7.
When you have finished, click Update.
You can restore all settings to their defaults by clicking the Restore All Defaults button.
You can customize the following BIG-IP® Edge Client® settings:
Specifies a logo file to show in the banner area at the top of the client screen. Logo files can be PNG, GIF, BMP, or JPG files up to 96x48 pixels in size. A logo file can also be an icon (ICO) file up to 48x48 pixels in size.Click Browse to select a custom logo file. Click View/Hide to view the current selected logo. The default logo is the F5 red ball.
Specifies the set of icons to display in the system tray when the client is in use. Select F5 to show the F5 red ball in the system tray. Select Generic to show a set of unbranded icons.
Specifies the copyright text displayed when the user selects About from the BIG-IP Edge Client® menu. The default text is Copyright (C) 2004-2009 F5 Networks, Inc.
Specifies the link text displayed below the copyright when the user selects About from the BIG-IP® Edge Client® menu. The default link text is http://www.f5.com.
BIG-IP® Access Policy Manager® provides a few generic end-user web pages such as logon and logoff pages. You can localize and customize these pages using the standard customization feature available in the Configuration utility. For example, you can customize or replace all text messages and images on these pages with your own defined messages. However, you cannot modify the page style and page framework using this feature, and you cannot add images to these pages. To overcome this limitation of normal customization, you can use the advanced customization feature to provide a set of your own customized pages, which can then seamlessly serve requests to the Access Policy Manager.
The purpose of this appendix is to provide examples and procedures of how you can maximize this feature through the command line interface. When you complete the tasks, you will have a working version of the functionality used in the scenario.
Important: Although flexible, this feature is intended for advanced users.
Therefore, you should carefully study the template files before using advanced customization.
For this example, you should already have configured an access policy on your system. For more information on how to create an access policy, refer to Chapter 7, Creating Access Profiles and Access Policies.
Run the advCustHelp utility to generate instructions for advanced customization.
After you have an access policy configured, the Access Policy Manager default pages are ready to serve requests using the instructions generated by the advCustHelp utility. Using the instructions, you can provide your own pages for an existing profile through advanced customization.
1.
At the UNIX command prompt, type /usr/bin/advCustHelp <profile_access_name>.
2.
Use a profile that you have created.
The advCustHelp utility generates the instructions shown in Figure 15.1.
The instruction file shown in Figure 15.1 lists all the file names used to leverage the advanced customization feature. Additionally, it provides instructions on where to include the images, and how to link to these images in the web page.
Figure 15.1 Instructions file generated by the advCustHelp utility

[root@bigip6401mgmt:Active] config # advCustHelp myProfile
Profile Name : myProfile The list of advanced customization files are /config/customization/advanced/logout/myProfile_logout/logout_en.inc /config/customization/advanced/logout/myProfile_logout/logout_ja.inc /config/customization/advanced/logout/myProfile_logout/logout_zh-cn.inc /config/customization/advanced/logout/myProfile_logout/logout_zh-tw.inc /config/customization/advanced/header/myProfile_header/header_en.inc /config/customization/advanced/header/myProfile_header/header_ja.inc /config/customization/advanced/header/myProfile_header/header_zh-cn.inc /config/customization/advanced/header/myProfile_header/header_zh-tw.inc /config/customization/advanced/footer/myProfile_footer/footer_en.inc /config/customization/advanced/footer/myProfile_footer/footer_ja.inc /config/customization/advanced/footer/myProfile_footer/footer_zh-cn.inc /config/customization/advanced/footer/myProfile_footer/footer_zh-tw.inc /config/customization/advanced/logon/myProfile_act_logon_page_ag/logon_en.inc /config/customization/advanced/logon/myProfile_act_logon_page_ag/logon_ja.inc /config/customization/advanced/logon/myProfile_act_logon_page_ag/logon_zh-cn.inc /config/customization/advanced/logon/myProfile_act_logon_page_ag/logon_zh-tw.inc /config/customization/advanced/logout/myProfile_end_denied_ag/logout_en.inc /config/customization/advanced/logout/myProfile_end_denied_ag/logout_ja.inc /config/customization/advanced/logout/myProfile_end_denied_ag/logout_zh-cn.inc /config/customization/advanced/logout/myProfile_end_denied_ag/logout_zh-tw.inc
1.
Save the required images to the following location: /config/customization/advanced/images/myProfile.
The name of the image must be in this format: [0-9][0-9].(gif|ping|jpg|jpeg|]
2.
From the advanced customization files, ensure that the image links appear like this: /public/advanced/images/myProfiles/image[0-9][0-9]
For example, image00.jpg.
You will be using a series of existing templates to create your custom pages. These templates are actual copies of the generic pages used by Access Policy Manager. We recommend that you leverage these existing templates to create your own pages.
1.
At the UNIX command prompt, type:
cd /config/customization/advanced/header/myProfile_header and press Enter.
2.
At the UNIX command prompt, type ls.
The following header pages are available: tmp_header.inc tmp_header_en.inc tmp_header_ja.inc tmp_header_zh-cn.inc tmp_header_zh-tw.inc.
The sample header page (available in different languages) includes two images: logo and banner.You can replace these images with your own images.
1.
At the UNIX command prompt, create the following directory by typing mkdir/config/customization/advanced/images/myProfile.
3.
At the UNIX command prompt, type: /config/customization/advanced/header/myProfile_header
For the purpose of this example, we are using English as the language of choice, so make sure you use the tmp_header_en.inc template. The HTML code that you display should be properly formatted for easier readability, as shown below.
<td><img border="0" src='/public/images/my/flogo.png'><!--[if IE 6]><img border="0" src="/public/images/my/tr.gif" class="pngfix" style="filter:progid:DXImageTransform.Microsoft.AlphaImageLoade
<td valign="middle" align="right"><img border="0" src='/public/images/my/fbanner.png'><!--[if IE 6]><img src="/public/images/my/tr.gif" border="0" class="pngfix" style="filter:progid:DXImageTra
4.
Copy the template tmp_header_en.inc to header_en.inc.
You can now use any text editor, such as vi, to modify the content of the file.
5.
After you have edited the file, the system should display code. The page is now ready to be used. You need to notify the Access Policy Manager system that the new page is ready, and you need to clear the old pages from the cache.
class="pngfix" style="filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(src='/public/images/my/flogo.png',siz
<td valign="middle" align="center"><img border="0" src='/public/advanced/images/myProfile/image00.jpg'><!--[if IE
6]><img src="/public/images/my/tr.gif" border="0" class="pngfix" style="filter:progid:DXImageTransform.Microsoft.Alpha
<td valign="middle" align="right"><img border="0" src='/public/images/my/fbanner.png'><!--[if IE 6]><img src="/pub
lic/images/my/tr.gif" border="0" class="pngfix" style="filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(src='
Once you have gone through the previous steps, you must activate your configuration so that the new pages display correctly.
1.
At the UNIX command prompt, type % b customization group myProfile_header action update.
2.
At the UNIX command prompt, type % b profile access myProfile generation action increment, or from the Configuration utility, you can click activate access policy from the profile you created.
The system displays the modified header page.
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)