How to Create a Specific Customized Logon Page for Each VPN vServer Hosted on the Access Gateway Enterprise Edition and Redirect Users Based on Each Fully Qualified Domain Name


There is often a need to customize the NetScaler logon page when multiple vServers host access points on the same NetScaler appliance. Here is how it is achieved.

Summary

This article describes how to customize a different logon page for each VPN Virtual Server, hosted on the Access Gateway Enterprise Edition, and how to configure the NetScaler appliance to redirect users to the customized page based on the Fully Qualified Domain Name (FQDN).

Requirements

  • Access to the Access Gateway Enterprise Edition/NetScaler GUI
  • Access to the Access Gateway Enterprise Edition/NetScaler shell using PuTTY or equivalent SSH client
  • WinSCP or equivalent secure file transfer application

Prerequisites

The Access Gateway Enterprise Edition must be licensed for the Responder Feature to address this scenario. To ensure that the Access Gateway Enterprise Edition appliance is licensed for the Responder feature, complete one of the following tasks:

  • From the GUI, expand the System node and click Licenses.
    In the Licenses page, verify if the Responder feature is enabled, as shown in the following screen shot:

Or

  • Run the following command from the Command Line Interface:
    >show license

Background

There are situations where more than one VPN virtual server is hosted on the Access Gateway Enterprise Edition appliance. You might want to customize a different logon page for each VPN virtual server.

The following VPN virtual servers are hosted on the Access Gateway Enterprise Edition appliance:

VPN virtual server example.com is configured for Lightweight Directory Access Protocol (LDAP) authentication.

The Logon page is displayed as shown in the following screen shot:

When VPN virtual server example.org is configured for Radius and LDAP authentications, the Logon page is displayed as shown in the following screen shot:

You must change the passcode field to password on the VPN virtual server example.com.

However, if the logon page is customized, it affects the VPN virtual server example.org. It is recommended to keep the logon page unchanged, otherwise it appears as shown in the following screen shot:

Procedure

To customize a different logon page for each VPN Virtual Server hosted on the Access Gateway Enterprise Edition appliance and to configure the NetScaler appliance to redirect users to the customized page based on the FQDN, complete the following procedure:

  • To enable the Responder feature on the NetScaler appliance, complete one of the following tasks:
    From the Command Line interface, run the following command:
    >enable feature Responder

    Or
    From the GUI, navigate to System > Settings. In Modes and Features, select Configure Advanced features (ensure that you select the Responder feature), click OK, and then click Close.

  • You can have multiple index.html and login.js files, because you can rename them.

a. Retain the default index.html and login.js files for VPN virtual server example.org.

b. Create index_modified.html and login_modified.js files for the VPN virtual server example.com.

c. Modify line 7 of index_modified.html to refer to the new login_modified.js file, as shown in the following screen shot.

  • Customize the logon page for each VPN virtual server (example.com and example.org) by referring to the following articles:

a. For Access Gateway Enterprise Edition/NetScaler software release 8.1 to 9.1: CTX118305 – Customizing Access Gateway Enterprise Edition Logon Page Starting with Build 59.x

b. For Access Gateway Enterprise Edition/NetScaler software release 9.2: CTX126206 – How to Customize the Logon Page of a Access Gateway Enterprise Edition Release 9.2 Appliance

  • To configure a Responder Action where you redirect users accessing https://example.com to the modified index.html file, complete one of the following tasks:
    From the command line interface:
    >add responder action redirect_remotesite_action redirect "\"https://example.com/vpn/index_modified.html\""
    Or
    From the GUI:

a. Select Responder > Actions > Add.

b. Enter a name for the action.

c. Select Redirect under Type*.

d. Enter the target URL as "https://example.com/vpn/index_modified.html".
Note: Ensure that you include the quotes.

  • To configure a Responder Policy to define the condition that redirects users, complete one of the following tasks:
    Note: Ensure you include the URL condition, otherwise you might experience issues such as loops.
    From the command line interface, run the following command:
    >add responder policy redirect_remotesite_policy "HTTP.REQ.HOSTNAME.EQ(\"example.com\") && HTTP.REQ.URL.CONTAINS(\"index.html\")" redirect_remotesite_action

    Or
    From the GUI, complete the following procedure:

a. Select Responder > Policies > Add.

b. Enter a name for the policy.

c. In the Action field, select the action you defined previously.

d. In the Expression field, enter the following expression:
HTTP.REQ.HOSTNAME.EQ("example.com") && HTTP.REQ.URL.CONTAINS("index.html")

  • To bind the Policy Globally, complete one of the following tasks:
    From the command line interface, run the following command:
    >bind responder global redirect_remotesite_policy 1 END -type REQ_DEFAULT

    Or
    From the GUI, complete the following procedure:

a. Go to Responder > Policies > Click Policy Manager.

b. Select Default Global>>Insert Policy and select the Responder Policy you created.

c. Double-click the Priority field to define the Priority.

d. Click Apply Changes.

e. Click Close.
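
The loop that the note on the Responder Policy warns about can be reproduced with a small model of the policy expression. This is an added example, not part of the original article or of NetScaler: the function names and the `host_only` / `with_url` mode labels are made up here, and the model only mirrors the two conditions `HTTP.REQ.HOSTNAME.EQ` and `HTTP.REQ.URL.CONTAINS` as string tests.

```shell
# Added example: string-level model of the article's responder policy.
HOST="example.com"                       # hostname used in the article's policy

# policy_fires MODE REQ_HOST REQ_URL -> exit 0 when the redirect would be sent
#   MODE host_only = policy written without the URL condition
#   MODE with_url  = policy as given in the article
policy_fires() {
    if [ "$2" != "$HOST" ]; then         # HTTP.REQ.HOSTNAME.EQ("example.com")
        return 1
    fi
    if [ "$1" = "host_only" ]; then
        return 0
    fi
    case "$3" in                         # HTTP.REQ.URL.CONTAINS("index.html")
        *index.html*) return 0 ;;
        *) return 1 ;;
    esac
}

# redirect_hops MODE REQ_HOST REQ_URL [TARGET_PATH]
# Prints how many redirects the client receives, or "loop" after 5 in a row.
redirect_hops() {
    mode=$1 host=$2 url=$3 target=${4:-/vpn/index_modified.html} hops=0
    while policy_fires "$mode" "$host" "$url"; do
        hops=$((hops + 1))
        if [ "$hops" -ge 5 ]; then
            echo loop
            return 0
        fi
        url=$target                      # client follows the redirect on the same host
    done
    echo "$hops"
}

# redirect_hops with_url  example.com /vpn/index.html   -> one redirect, then the page loads
# redirect_hops host_only example.com /vpn/index.html   -> every request redirects again
# redirect_hops with_url  example.com /vpn/index.html /vpn/custom/index.html
#   -> still loops, because the target path itself contains "index.html"
```

The third case shows that the name chosen for the customized page matters as much as the URL condition: the redirect target must not match the policy expression.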

Note:

  • To make the changes persistent after you restart the appliance, complete the following tasks:

a. Decide the name of the new folder to hold the Access Gateway Enterprise Edition virtual server customized files.
For example, the folder name is customizations in the /var directory:

b. Using a text editor, create the text file named rc.netscaler with the following single line of content:
cp -R /var/customizations/* /netscaler/ns_gui/

****Make sure there are no blank lines following this line****

  • Connect to the appliance using a secure copy utility like WinSCP, and copy all the folders from directory /netscaler/ns_gui to directory /var/customizations.
  • Using WinSCP, copy the rc.netscaler file to the /nsconfig folder of the appliance.
  • Restart the appliance.
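
The same persistence steps can be done from the appliance shell instead of WinSCP. The following is an added example, not code from the original article: the function names are made up here, and the directories are passed as arguments so the logic can be tried in a scratch directory before it is run against /netscaler/ns_gui, /var/customizations and /nsconfig/rc.netscaler. Unlike the article's step, it keeps an existing rc.netscaler and adds the restore line only if it is missing.

```shell
# Added example. On the appliance the arguments would be:
#   /netscaler/ns_gui  /var/customizations  /nsconfig/rc.netscaler

# persist_logon_pages GUI_DIR SAVE_DIR RC_FILE
persist_logon_pages() {
    gui=$1 save=$2 rc=$3
    rc_line="cp -R $save/* $gui/"

    # Copy the customized GUI tree (index_modified.html, login_modified.js, ...)
    mkdir -p "$save" || return 1
    cp -R "$gui"/. "$save"/ || return 1

    # Add the restore command once; do not clobber an existing rc.netscaler
    if [ ! -f "$rc" ] || ! grep -qxF "$rc_line" "$rc"; then
        # Terminate an unterminated last line so the command is not glued to it
        if [ -s "$rc" ] && [ -n "$(tail -c 1 "$rc")" ]; then
            echo >> "$rc"
        fi
        printf '%s\n' "$rc_line" >> "$rc"
    fi
}

# check_persistence GUI_DIR SAVE_DIR RC_FILE -> prints "ok" and exits 0 when consistent
check_persistence() {
    gui=$1 save=$2 rc=$3
    if ! diff -r "$gui" "$save" > /dev/null; then
        echo "saved copy differs from $gui"
        return 1
    fi
    if ! grep -qxF "cp -R $save/* $gui/" "$rc"; then
        echo "restore line missing in $rc"
        return 1
    fi
    # Stricter than the article's warning: reject a blank line anywhere in the file
    if grep -q '^[[:space:]]*$' "$rc"; then
        echo "blank line in $rc"
        return 1
    fi
    echo ok
}
```

Running `check_persistence` again after any later edit to the logon pages shows whether the saved copy that will be restored at boot still matches the files currently being served.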

More Information

WinSCP download:

http://winscp.net/eng/download.php

PuTTY download:

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Disclaimer

This sample code is provided to you “AS IS” with no representations, warranties or conditions of any kind. You may use, modify and distribute it at your own risk. CITRIX DISCLAIMS ALL WARRANTIES WHATSOEVER, EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT. Without limiting the generality of the foregoing, you acknowledge and agree that (a) the sample code may exhibit errors, design flaws or other problems, possibly resulting in loss of data or damage to property; (b) it may not be possible to make the sample code fully functional; and (c) Citrix may, without notice or liability to you, cease to make available the current version and/or any future versions of the sample code. In no event should the code be used to support of ultra-hazardous activities, including but not limited to life support or blasting activities. NEITHER CITRIX NOR ITS AFFILIATES OR AGENTS WILL BE LIABLE, UNDER BREACH OF CONTRACT OR ANY OTHER THEORY OF LIABILITY, FOR ANY DAMAGES WHATSOEVER ARISING FROM USE OF THE SAMPLE CODE, INCLUDING WITHOUT LIMITATION DIRECT, SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL OR OTHER DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Although the copyright in the code belongs to Citrix, any distribution of the code should include only your own standard copyright attribution,
