Teamcity and Web VPN

Hi

We are trying to make Teamcity server accessible from outside our internal network (only to people with VPN access) but we are trying to do this over our WebVPN (http://www.cisco.com/en/US/products/ps6496/products_configuration_example09186a008072aa61.shtml). This is a cisco product that basically acts as a "proxy" for requests and just allows you access to applications that are available through the WebVPN.

We are getting loads of errors and Teamcity doesn't work at all. All simple web pages along with some of our other apps (JIRA, OWA, etc) work fine. On the main page it says "Please enable JavaScript in your browser to proceed with login." My Javascript is enabled and working fine but I think that the WebVPN translates the URLs in the document to conform with it's design but is not translating some of the Javascript calls (or something like that). When I actually try to log in I get an XML reply
Login failed. Incorrect username or password.]]>

Has your product ever been tested in such a configuration OR do you know any way around this.

Thanks
Colin

6 comments

Is it possible that WebVPN gateway rejects access to some of the TeamCity resources (JavaScript files)? For example, message "Please enable JavaScript in your browser to proceed with login." can be shown if some of the JS files were not loaded.

To check whether all JS files are accessible you can take a look at login page HTML code and try to load JavaScript files referenced from the page manually.

--
Pavel Sher

0

I just checked the two js files that it referenced and when I copy the URL into browser, I can see the files. I don't think this is the problem. I took a closer look at what the webvpn does and it seems like it does a whole bunch of parsing and adding to all html and javascript files.

The reason I am getting the "No Javascript" error is just because the Javascript bombs out with the following error.
-


Error: missing { before function body
Source File: https://bosgate.iona.com/http/8111/teamcity.boston.amer.iona.com/res/7759666595670082314.js?v=1213596616618,SCRIPT
Line: 717, Column: 41
Source Code:
setTimeout(webvpn_mangle_eval((function()){this.respondToReadyState(1)}).bind(this), 10);
-


and then the rest of the javacript on the page doesn't get executed.

As you can see the webvpn is adding code to the line, adding a function webvpn_mangle_eval.

Because there is a function definition inline in your code, the webvpn replace is basically putting the brackets in the wrong place. This line in your code was
setTimeout((function() {this.respondToReadyState(1)}).bind(this), 10);
and they changed to
setTimeout(webvpn_mangle_eval((function()){this.respondToReadyState(1)}).bind(this), 10);

Is there some code I could try to get around this.

Thanks
Colin

0

Is it possible to configure WebVPN not to modify JavaScript code?

--
Pavel Sher

0

We just checked and there is no way to turn off this "feature". Can I change this javascript line with something else so the "correct" replacement text will be generated ? Any suggestions on this.

Colin

0

We probably could modify it to the way which will satisfy WebVPN. However I believe that approach chosen by WebVPN is wrong and will work in simple cases only. I do not think they have good parser of JavaScript code to modify it so freely. Even if you will be able to tune login page for WebVPN I think it will fail quickly on "projects" or on any other page where JavaScript code is far more complicated.

BTW the following line:
setTimeout((function() {this.respondToReadyState(1)}).bind(this), 10);
belongs to one of the libraries we are using called Prototype and this line is quite correct from the JS syntax point of view. There are many other lines like this and even more complicated. If WebVPN parser fails on this construct I think it will fail on many others too.

--
Pavel Sher

0

Thanks for the info. You are totally right.. I have been looking at this as well and this is really bad parsing by Cisco. I hope their routers are better than their Javascript :)

We are going to submit a bug with them to get this fixed/disabled with their appliance.

Thanks for the help.

Colin

0

Please sign in to leave a comment.