Netscaler 10.1 Rewrite Policy hide password 2 field


Christian Hock

Hello Forum,

We need a second virtual server on the NetScaler with 2FA and a hidden password 2 field for SMS authentication.

The first virtual server works with 2FA and RSA.

We created a rewrite policy as described in this article: CTX215611

But the second field still exists.

What can we do on the NetScaler? Or is this not possible?

Thanks

Regards

 

 


Hi, your firmware is out of support and you're also attempting to use what would appear to be a KB for what I'd wager is a much newer firmware (judging by article date, probably 11.1 or higher) and might not work with yours. One thing to try, from my own experience, is to flush cached objects in the integrated caching area and try again from a private browsing session. NetScaler tends to hold onto some configs rendered on the gateway login page. If you aren't licensed for that (Enterprise or higher), as weak as it sounds, I've had success invoking an appliance failover to get login page rewrites to take effect.

 

What RADIUS platform are you using that presumably will prompt the user on the second page?


Hello,

We have the custom White Portal Theme. The workaround from Duo does not work for us.

 

We want to use the WrightCSS Radius for Mail. It is only for external supporters.

It is not possible that the first page shows the LDAP login, and then, when the user has entered the credentials, the second page for the token opens.

 

Regards

 

 

 


Not with your out-of-support firmware it isn't, I do not believe, at least not natively. Newer firmwares support the nFactor feature (Advanced\Enterprise license and above), which will allow you to separate different authentication methods onto different pages. Duo doesn't use nFactor due to how it's configured, and thus is able to show on a separate page as designed. That being said, there are other 2FA solutions that can natively do what you're after. I have, for example, had this done with FortiNet's FortiToken config, where NetScaler delegates auth to FortiToken via RADIUS at NetScaler (you don't bind two auth policies such as primary and secondary, so your second field does not show), and it presents back to the user LDAP + RADIUS auth on separate pages one after the other. Not sure if your WrightCSS is capable of doing that (being fully delegated to for auth, authenticating the user to LDAP as well as RADIUS).


  • 2 months later...

Hello,

Now we have a new NetScaler (12.1 50.28). But the policy does not work.

We created this rewrite policy:

https://support.citrix.com/article/CTX215611

We disabled the authentication in the LDAP policy, and then the second password field is not visible. But it does not show the second page after we type the credentials.

Any idea?

Regards

 


Archived

This topic is now archived and is closed to further replies.
