Björn Schläfli Posted March 30, 2022 Share Posted March 30, 2022 Since Netscaler 11 I've used X1 theme with rewrite policy to create a drop-down to use this cookie to send users based on selection to different receiver for web sites by session policies / actions. Following How to Add Drop-Down Menu with Domain Names on Logon Page for NetScaler Gateway 11.0 64.x and Later (citrix.com). Lately I've updated to 13.1. X1 is deprecated and has to be replaced by RfWebUI Theme. The rewrite solution does not work with RfWebUI. How can I create a custom drop-down from which I can get users selection? Is that still possible? We currently also have a java script function in gateway_login_form_view.js that I would have to reconfigure somewhere. Link to comment Share on other sites More sharing options...
Rhonda Rowland1709152125 Posted March 30, 2022 Share Posted March 30, 2022 You use the drop down via the login schemas and nfactor policies (whether you actually need an nfactor flow or not). Either a drop down list can be part of the regular username, password, <domain> login OR you can use a domain drop down first that then allows you to change which atuhentication flow you use per domain. Link to comment Share on other sites More sharing options...
Björn Schläfli Posted April 7, 2022 Author Share Posted April 7, 2022 I've already done some reading in nFactor. I can create a drop-down with a login scheme, but how can I forward the user to the appropriate storefront based on the selected domain? First authentication is radius on a system which is not in my competence and second is ldap with noauth (used only to read attributes and use a special one for redirections). Link to comment Share on other sites More sharing options...
Rhonda Rowland1709152125 Posted April 9, 2022 Share Posted April 9, 2022 You probably need the LDAP to actually perform authentication, otherwise you are radius only. But the domain drop down list sets a value that you can use to trigger the subsequent authentication policies if applicable AND that value can also used as a trigger for later session policies. One of several examples, using the nfactor visualizer wizard: https://docs.citrix.com/en-us/citrix-adc/current-release/aaa-tm/configure-domain-drop-down-username-and-password.html If you use the default schema and jsut change the display names, then your session policies would see domain1 as AAATM.com and domain2 as NSI-test.com. If you change the drop-down list values when editing the schema, you can make it look for domain1 and domain2 names that you are using in the display field as well. So, the session policy triggers for store1 vs store2 would be something like this: There's a couple of different end results, depending on which example is used: NOTE: these are all case-senstive, so have to exactly match the "value" in the drop-down login schema setup: HTTP.REQ.BODY(50000).CONTAINS("NSI-test.com") HTTP.REQ.BODY(50000).CONTAINS("AAATM.com") HTTP.REQ.BODY(50000).CONTAINS("domain1.com") HTTP.REQ.BODY(50000).CONTAINS("domain2.com") The reference above, uses the expression like: http.req.body(500).after_str("domain=").contains("NSI-TEST.COM") http.req.body(500).after_str("domain=").contains("AAATM.COM") 1 Link to comment Share on other sites More sharing options...
Björn Schläfli Posted April 11, 2022 Author Share Posted April 11, 2022 Hi Rhonda, many thanks for your great explanations. I've created the nFactor flow and the session policys with HTTP.REQ.BODY(500).CONTAINS("mydomain") and it's working. Thank you very much! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now