Adding links to the login process is helpful to present the user with additional information, or linking to a portal page where they can create a service ticket.
An example:
n-Factor is more or less alot of javascript, and the XML framework in the LoginSchema files active different parts of that javascript, so its about injecting the right snippet of code in the XML that will active the right piece of javascript code, that in the end will generate the HTML for the browser to render.
To find you schema file look in ns.conf for
add authentication loginSchema ALS_enter_username -authenticationSchema “/nsconfig/loginschema/enter_username.xml”
In this example the file that needs to be edited is: /nsconfig/loginschema/enter_username.xml
In the Schema file add the following code under “Requirements”
1 2 3 |
<Requirement> <Credential><ID>passwordreset_link</ID><Type>passwordreset_link</Type></Credential><Label></Label> </Requirement> |
This will active a javascript function called “passwordreset_link”
That function is defined in:
/var/netscaler/logon/LogonPoint/custom/script.js
An example:
1 2 3 4 5 6 7 8 9 10 |
CTXS.ExtensionAPI.addCustomCredentialHandler({ // The name of the credential, must match the type returned by the server getCredentialTypeName: function () { return "passwordreset_link"; }, // Generate HTML for the custom credential getCredentialTypeMarkup: function (requirements) { var txt = "Password reset link"; var div = $("<p class='pwresetlink'>" + txt.link("https://pwrest.somedomain.com/entry") + "</p>"); return div; } }); |
To do proper markup on the link, alter the following file:
/var/netscaler/logon/LogonPoint/custom/style.css
An example:
1 2 3 4 |
.pwresetlink a:link{ font-size: 20px; color: #8685b9; } |
Note that in the javascript there is a class defined called “pwresetlink” which is also referred in the css file (they have to match).
You could also define the styling directly in the javascript, see https://support.citrix.com/article/CTX219545 for inspiration.
Happy linking!
This is great!
I like it, I’ve only one problem.
Our scope is to setup a default Log-on where the users has limited access to their systems.(Protect data copy and printing.)
And setup a post EPA scan so when a user connect from an Device that belong to our domain, they are able to copy data, or print as well.
But as soon we enable the EPA scan, users with Non Admin rights on his PC can’t log-on while they can’t install the EPA client.
Is it possible to add a checkbox to the log-on page, so users, have the choice to run the EPA Scan? Or do you know how the user can cancell the EPA scan when the EPA Client isn’t installed?
Great work, it helped me getting similar things working. Have you ever tried getting this working by using the strings.[language].json files and the variables _ctxstxt_[varname] making it multilanguage aware?
https://nerdscaler.com/2018/11/23/adding-custom-localized-multi-language-strings-netscaler-rfwebui-theme/
No, but from the looks of it, you could put that kind of thing into a responder policy, so you dont need to have files on the NS.
But its pretty cool 🙂