
Expression for advanced policies for drop down using login schema

Venugopal Nandhakumar


I have been struggling to get a correct expression to check the selection from the drop-down.


We have a requirement to set up login for 2 domains and 2 authentication methods, SMS and token. I have created a login schema as shown below. Now I need to create an expression to point to different LDAP servers and RADIUS servers based on the drop-down selection. The drop-down section of my login schema is like this:


<Requirement>
  <Credential><ID>nsg_dropdown</ID><Type>nsg_dropdown</Type></Credential>
  <Label><Text>Logon Type:</Text><Type>plain</Type></Label>
  <Input>
    <ComboBox>
      <InitialSelection>SMS</InitialSelection>
      <DisplayValues>
        <DisplayValue><Display>SMS</Display><Value>SMS</Value></DisplayValue>
        <DisplayValue><Display>Digipass</Display><Value>Digipass</Value></DisplayValue>
      </DisplayValues>
    </ComboBox>
  </Input>
</Requirement>
<Requirement>
  <Credential><ID>domain</ID><SaveID>Domain</SaveID><Type>domain</Type></Credential>
  <Label><Text>User Type:</Text><Type>plain</Type></Label>
  <Input>
    <ComboBox>
      <InitialSelection>DomainA</InitialSelection>
      <DisplayValues>
        <DisplayValue><Display>DomainA</Display><Value>DomainA</Value></DisplayValue>
        <DisplayValue><Display>DomainB</Display><Value>DomainB</Value></DisplayValue>
      </DisplayValues>
    </ComboBox>
  </Input>
</Requirement>


None of the expressions below passes through to reach the LDAP server. I get an error after entering my credentials: "no active policy during authentication". But if I just set it to "true" it passes through.












Any help would be much appreciated




  • 2 months later...

Did you get this to work?


HTTP.REQ.BODY(500).AFTER_STR("domain=").CONTAINS("DomainA") and AAA.LOGIN.DOMAIN.EQ("DomainA") should work, since "DomainA" matches your case in the XML.


But these will only work in an expression immediately after the page containing that selection is posted.


Once you are able to select the proper LDAP server, you can grab the domain to use later by saving it as an attribute:


Presumably, the domain name is in the distinguished name, so:

1. On the LDAP server, do a "More" at the bottom of the page.

2. In Attributes, add "distinguishedName" without the quotes in one of the fields. I suggest attribute 3 or greater, as 1 and 2 may be name/password passing to StoreFront if that's part of your implementation.

3. You can then use an expression like AAA.USER.ATTRIBUTE(3).TO_UPPER.CONTAINS("MYDOMAIN")
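
An added example, not part of either post and not NetScaler code: a small Python model of the two checks suggested above, run over constructed login POST bodies. It shows where a substring match on the first 500 bytes of the body and an exact comparison of the domain field disagree, and that a body no rule matches ends with no policy selected. The policy names `ldap_domainA`/`ldap_domainB` and the form field names other than `domain` are assumptions.

```python
from urllib.parse import parse_qs

def after_str_contains(body, n, marker, needle):
    """Model of HTTP.REQ.BODY(n).AFTER_STR(marker).CONTAINS(needle)."""
    window = body[:n]                  # BODY(n) exposes only the first n bytes
    idx = window.find(marker)
    if idx < 0:
        return False                   # marker not inside the window
    return needle in window[idx + len(marker):]   # case-sensitive substring

def field_equals(body, field, value):
    """Exact comparison of one parsed form field (models an equality check)."""
    return parse_qs(body, keep_blank_values=True).get(field) == [value]

def first_match(body, rules):
    """First policy whose rule is true; None models 'no active policy'."""
    return next((name for name, rule in rules if rule(body)), None)

# Hypothetical policy names, one per LDAP server.
LOOSE = [
    ("ldap_domainA", lambda b: after_str_contains(b, 500, "domain=", "DomainA")),
    ("ldap_domainB", lambda b: after_str_contains(b, 500, "domain=", "DomainB")),
]
STRICT = [
    ("ldap_domainA", lambda b: field_equals(b, "domain", "DomainA")),
    ("ldap_domainB", lambda b: field_equals(b, "domain", "DomainB")),
]

# Constructed request bodies; field names other than "domain" are assumptions.
SAMPLES = {
    "normal":     "login=alice&passwd=x&nsg_dropdown=SMS&domain=DomainA",
    "wrong_case": "login=alice&passwd=x&nsg_dropdown=SMS&domain=domaina",
    "later_text": "login=bob&domain=DomainB&passwd=DomainA-2024&nsg_dropdown=SMS",
    "past_500":   "login=carol&passwd=" + "p" * 500 + "&domain=DomainA",
}

def evaluate():
    """Map each sample to (policy chosen by LOOSE rules, policy chosen by STRICT rules)."""
    return {k: (first_match(b, LOOSE), first_match(b, STRICT))
            for k, b in SAMPLES.items()}

if __name__ == "__main__":
    for name, (loose, strict) in evaluate().items():
        print(f"{name:11} loose={loose} strict={strict}")
```

In this model the substring rule picks the DomainA policy for a DomainB login whenever "DomainA" appears later in the body, and it selects nothing when the domain field falls outside the 500-byte window.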

