Customize AGEE logon page for NetScaler 10.1 via Rewrite policies
June 11, 2014 7 Comments
While migrating to Access Gateway on the NetScaler 10.1. I noticed the rewrite policies I implemented on 9.3 did not work.
While this can be done with some HTML customization, etc, and/or creating your own NetScaler theme, I just wanted to change the logon page by NetScaler Rewrite Policies.
Below are the policies that will allow you to do this.
Environment
- MPX 8200 NetScaler 10.1: Build 122.17.nc
- Web Interface 5.3 (Can’t deploy StoreFront here due to custom code we use)
Issue:
When two factor authentication is configured on Access Gateway Enterprise Edition, the user is prompted for User name, Password 1, and Password 2
The issue seems to be due to change in the ‘ns_showpwd’ function on login.js under /var/netscaler/gui/vpn/ as it has been updated from 9.3
Solution:
1. Create the following actions under “Rewrite/Actions” with putty (no need to go under shell mode)
Rewrite Actions:
add rewrite action AD_agee_delete_rewrite_action delete_all “http.RES.BODY(120000).SET_TEXT_MODE(ignorecase)” -pattern “document.write(\’ 1\’);” -bypassSafetyCheck YES
add rewrite action AD_agee_replace_rewrite_action replace_all “http.RES.BODY(120000).SET_TEXT_MODE(ignorecase)” “\”AD Password\’\”” -pattern “\”Password\”” -bypassSafetyCheck YES -refineSearch q/extend(50,50).REGEX_SELECT(re!e![ ]*\'[ ]*\+[ ]*_\(\”Password\”\)[ ]*!)/
add rewrite action RSA_agee_replace_rewrite_action replace_all “http.RES.BODY(120000).SET_TEXT_MODE(ignorecase)” “\”RSA Code:\’\”” -pattern “\”Password2\”” -bypassSafetyCheck YES -refineSearch q/extend(50,50).REGEX_SELECT(re![ ]*\'[ ]*\+[ ]*_\(\”Password2\”\)[ ]*!)/
Rewrite Policies:
add rewrite policy AD_agee_rewrite_pol “http.req.url.path.endswith(\”vpn/login.js\”)” AD_agee_replace_rewrite_action
add rewrite policy RSA_agee_rewrite_pol “http.req.url.path.endswith(\”vpn/login.js\”)” RSA_agee_replace_rewrite_action
add rewrite policy AD_agee_delete_pol “http.req.url.path.endswith(\”vpn/login.js\”)” AD_agee_delete_rewrite_action
Bind the policies:
bind rewrite global AD_agee_rewrite_pol 100 NEXT -type RES_OVERRIDE
bind rewrite global RSA_agee_rewrite_pol 110 NEXT -type RES_OVERRIDE
bind rewrite global AD_agee_delete_pol 120 NEXT -type RES_OVERRIDE
Result:
Recent Comments