Many companies wish to customize portions or add their little quirks/branding to sections of the Netscaler Gateway/Unified Gateway logon page. With the introduction of 11.x, customizing the logon page has become increasingly easy.
This blog post will cover adding a disclaimer/footer to the logon page. This can be done via the ‘EULA’ section of the NG. This approach adds a ‘checkbox’ that you must check before you can continue. However, you don’t actually need to read any part of the EULA/Disclaimer. You can simply check the box and continue on your way. This might not be suitable for some companies, as the user doesn’t need to actually read the text to continue.
You can use ‘Rewrite’ policies to add a disclaimer/EULA/footer to the logon page that is always shown. This Rewrite policy can be bound to any Netscaler Gateway vServer. I’ll give you the commands to create the Rewrite policies. This method is probably the easiest, as the GUI is not intuitive enough to perform this without in-depth knowledge. Not to mention the information/code seems to change for each version (10/10.1/10.5/11). It would be great if Citrix documented this more thoroughly, or provided us a simple web GUI that denotes each section of the logon page that corresponds to the Rewrite policy pattern. As a bonus I added a URL to the bottom as well. (You’ll notice that I insert “+” every so often. This is to get around the 255 character limit.)
Here are the 2 commands that you run:
add rewrite action rw_act_insert_loginfooter insert_before_all "HTTP.RES.BODY(120000).SET_TEXT_MODE(IGNORECASE)" q{ "var login_footer=$(\"<div style='text-align:center;font-size:15px;color:white;'><br>US Government Notice and Consent. AUTHORIZED USE ONLY. <br><br>You are accessing a COMPANY system which provides access to a U.S. Government information system, which "+" includes: (1) this computer, (2) this computer network, (3) all computers connected to this network, and (4) all devices and storage media attached to this network or to a computer on this network. This information system is provided for U.S. "+" Government-authorized use only. Unauthorized or improper use of this system may result in disciplinary action, as well as civil and criminal penalties.<br><br>"+"By using this information system, you understand and consent to the following: You have no reasonable expectation of privacy regarding any communication or data transiting or stored on this information system. At any time, and for any lawful "+" Government purpose, the Government may monitor, intercept, and search and seize any communication or data transiting or stored on this information system. "+" Any communication or data transiting or stored on this information system may be disclosed or used for any lawful Government "+" purpose.<br><br><a style='color:yellow;font-size:15px' href='https://verticalagetechnologies.com/'>Forgot Password</a></div>\").appendTo(logonbox_container);"} -pattern "box_view.prepare_view();"
add rewrite policy rw_pol_insert_loginfooter "HTTP.REQ.URL.CONTAINS(\"gateway_login_view.js\")" rw_act_insert_loginfooter
Next, you’ll go to the NG vServer in the GUI and add a binding for the Rewrite policy.
Tip: When testing to confirm everything worked, you’ll need to clear your browser’s cache to see the changes right away.
Result:
That’s it. You now have a working disclaimer.
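The "+" splitting in the rewrite action above can be generated instead of done by hand. This is an added example, not part of the original post: it HTML-escapes the banner text (so a stray quote or tag cannot break the injected script) and splits the expression into literals of at most 255 characters, breaking only at spaces. The function names, the sample banner and the example.com URL are assumptions, as are counting the limit against the escaped text and entity-encoding backslashes and braces.

```python
import html
import re

LIMIT = 255  # per-literal character limit the post works around with "+"
# Assumed precaution: keep characters special to the JS string or the q{ } quoting out.
EXTRA = {"\\": "&#92;", "{": "&#123;", "}": "&#125;", "\n": " "}

def to_html(text):
    """HTML-escape text (&, <, >, both quote kinds), then apply EXTRA."""
    return "".join(EXTRA.get(ch, ch) for ch in html.escape(text, quote=True))

def split_literals(text, limit=LIMIT):
    """Split at whitespace only, so no entity or escape sequence is cut in half."""
    chunks, current = [], ""
    for token in re.findall(r"\S+\s*", text):
        if len(token) > limit:
            raise ValueError("unbreakable run longer than %d chars" % limit)
        if len(current) + len(token) > limit:
            chunks.append(current)
            current = ""
        current += token
    if current:
        chunks.append(current)
    return chunks

def build_footer_action(name, paragraphs, link_url, link_text):
    """Return (cli_command, chunks) for a footer shaped like the one in the post."""
    body = "<br><br>".join(to_html(p) for p in paragraphs)
    markup = ("<div style='text-align:center;font-size:15px;color:white;'><br>"
              + body + "<br><br><a style='color:yellow;font-size:15px' href='"
              + to_html(link_url) + "'>" + to_html(link_text) + "</a></div>")
    js = 'var login_footer=$(\\"' + markup + '\\").appendTo(logonbox_container);'
    chunks = split_literals(js)
    command = ('add rewrite action ' + name + ' insert_before_all '
               '"HTTP.RES.BODY(120000).SET_TEXT_MODE(IGNORECASE)" q{ "'
               + '"+"'.join(chunks) + '"} -pattern "box_view.prepare_view();"')
    return command, chunks

# Constructed sample input (not from the post): note the quotes and the tag.
SAMPLE = ['AUTHORIZED USE ONLY. ' + 'Use of this system is monitored. ' * 12,
          'Contact the "help desk" <it@example.com> for access.']

if __name__ == "__main__":
    cmd, parts = build_footer_action("rw_act_insert_loginfooter", SAMPLE,
                                     "https://example.com/reset", "Forgot Password")
    print(len(parts), "literals, longest:", max(len(p) for p in parts))
    print(cmd)
```

A single run of non-space characters longer than the limit (a very long URL, for instance) raises an error rather than being split silently.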
For those doing two factor authentication, I haven’t found a way to change the 2nd password field using a Rewrite policy on 11.x. For now you are better off creating a custom theme.
Have you tested this rewrite policy on 10.5? Thanks.
I have not, just on 11.x.
Does that only apply to the default login portal, or to all X1 / greenbubble and RFWebUI themes?
This should apply to all themes since it’s using the ‘gateway_login_view.js’ lookup. Let me know if you see otherwise.
Great work, Steve!
Sorry, not much of a coder. Can you explain the “+” usage?
This is to get around the 255 character limit.
Do we need to use the policy name as rw_pol_insert_loginfooter and action name as rw_act_insert_loginfooter?
Can we use our own name for easy differentiation?
You bet, you can use whatever names you like.