There are many SMS 2-factor solutions for Citrix Web Interface, but only one of them are free. This awesome add on has been created by Claus Isager and there exist many blog posts dating back to 2007. Since then many things have change e.g. the release of Citrix Web Interface 5.4 and the fact that more and more companies are running Windows 2008 R2.
So in this blog post we’ll show you how to install and configure this solution for the x64 platform. First you need to download the source files from Claus Isager web site and make sure you have .NET Framework 3.5 on the domain controller(s) you want to use to manage this SMS 2-factor solution.
Copy the following files below into C:\Program Files (x86)\SMSToken
SMSToken.dll from the SmsToken_AD64.zip
From CMD run the following command : InstallUtil.exe SMSToken.dll
Open Active Directory Users and Computers and check that you’ve got the SMS Token tab as show in the first image. This is not an Active Directory Schema extension so don’t worry. At the same time set a pin code for your test user and select if you want to use Flash or Normal SMS delivery. Also make sure you add a phone number in the Telephone Number field with the format +47xxxxxxxx.
Head over to Clickatell and create a free account. Make sure you select Central API. Even tough the sign up is free you need to buy at least 400 credits for $23.36.
When you’re finished with the registration and the validation process you’ll need to create a HTTP API Connection. Note down the details because you need those later.
From your Citrix Web Interface 5.4 server create a test site and set Authentication Methods – Properties – Two-Factor Authentication to Safeword.
Navigate to <yoursite>\app_code\PagesJava\com\citrix\wi\pages\auth\twofactor\ and make a backup copy of the files NextTokenCode.java and ChangePinUser.java to C:\Temp (Cannot be the same folder).
From the sms5254email.zip copy all the 3 java files and replace the current files in this folder. Then do the following :
- Copy smscode.dll to <yoursite>\bin
- Copy smscode.aspx to <yoursite>\auth
- Copy smscode.conf to the <your site>\conf
- Edit smscode.conf with your API information
- Edit webinterface.conf
- Replace the line in Webinterface.conf AdditionalExplicitAuthentication=Safeword with
The final step is to change the IIS Application Pools – Advanced – Identity to NetWorkService and then finally restart the IIS Server.
Happy Go Lucky! There’s also documentation in the source files, but it was missing information related to Citrix Web Interface 5.4 and Active Directory on Windows 2008 R2. If you have any topics you want us to blog about, just drop a comment below.
I blew $23.36 on this blog post so it would be cool if you shared this post with others by Clicking on the Social Icons below.
8 thoughts on “Free SMS 2-Factor Token for Citrix Web Interface 5.4”
PhoneFactor offers free phone based authentication for up to 25 users. It is a very nifty solution with lots of nice features.
Thanks for the comment Ken, look great. Have you tried this solution with Citrix Web Interface or Access Gateway?
Have you set this up to be used with Citrix Access Gateway?
Hi Scott, this won’t work with Citrix Access Gateway. I would recommend SMS Passcode or go with Citrix Secure Gateway.
I have had a lot of request for SMS Token to support CAG, so I made a solution that will work with CAG.
The current version does not support pin’s and is only tested on a limited scale. I only have access to a Netscaler VPX. 🙁
Awesome, finally a site for your project. Will check it out soon
Testing this solution and seems good, however, the PASSCODE field that now comes on the CSG doesnt seem to do anything? I can type whatever I like there and I will still get to the token page where I enter the recived token on SMS. Bug? CSG 5.4
Hi Helge, could be a bug, would recommend you contacting the creator. This is his webpage : http://www.isager.dk/is/