Under your NetScaler Gateway, you can configure multiple session policies for multiple domains. This will automatically SSO users from different domains into their respective environments.

Say you have a forest with 6 different domains. When a staff member hits your external NetScaler login page, they choose their respective domain and log in.

The NetScaler will pass the authentication attempt through to the correct domain. But how does it do this? How does it know which domain you selected? Let's look at our session policies below:

[Figure: Netscaler session policies]

In this pic:

  • We have 3 domains (domain1, domain2 and domain3)

  • We have 2 policies for each domain (one for native receiver and one for receiver web)

  • We have a general iOS policy

The key part to take note of is the expression “REQ.HTTP.HEADER Cookie CONTAINS domain1”. This is how the NetScaler chooses which domain to authenticate you against.

But how is that cookie set? What sets the cookie value to “domain1”?

The answer lies in the NetScaler index.html. I’m short on time, so here are the cliff notes on what to do:

  • SCP onto your NetScaler and edit /netscaler/ns_gui/vpn/index.html

  • Locate the following section (should be around line 35-40):

<!-- Logon box -->

<tr class="mainPane">
  <td class="carbonBoxBottom" valign="bottom">

  • Add the following lines:

<SCRIPT type="text/javascript">
  // Read a cookie by name; returns null when it is not set.
  function getCookie(name) { // use: getCookie("name");
    var re = new RegExp("(?:^|;\\s*)" + name + "=([^;]+)");
    var value = re.exec(document.cookie);
    return (value != null) ? unescape(value[1]) : null;
  }
  var today = new Date();
  var expiry = new Date(today.getTime() + 28 * 24 * 3600 * 1000); // plus 28 days
  var expired = new Date(today.getTime() - 24 * 3600 * 1000); // less 24 hours
  // Store a cookie for the whole site, valid for 28 days.
  function setCookie(name, value) { // use: setCookie("name", value);
    document.cookie = name + "=" + escape(value) + "; path=/; expires=" + expiry.toUTCString();
  }
  // Called from the form's onSubmit: saves the selected domain in the "domainvalue" cookie.
  function storeValues(form) {
    setCookie("domainvalue", form.domainvalue.value);
    return true;
  }
</SCRIPT>

  • The next two lines should read as follows:

<FORM method="post" action="/cgi/login" name="vpnForm" autocomplete="off" style="margin:0"
onSubmit="clean_name_cookie(this);">

  • Insert the following string into the onSubmit attribute: storeValues(this);

  • The HTML code should now read as follows (storeValues(this) is called without a leading return, so that clean_name_cookie(this) still runs on submit):

<FORM method="post" action="/cgi/login" name="vpnForm" autocomplete="off" style="margin:0"
onSubmit="storeValues(this); clean_name_cookie(this);">

<strong>To create a drop-down menu, complete the following procedure:</strong>

  • On the same index.html page, locate the following line:

<SCRIPT language=JavaScript>ns_showpwd();</SCRIPT>

  • Add the following lines immediately after the preceding line:

<TR>
  <TD align=center><SPAN class="CTXMSAM_LogonFont" style="padding-right:10px;">Domain:</SPAN></TD>
  <TD>
    <select name="domainvalue" size="1" style="width: 100px;"><option value="DOMAIN1">DOMAIN1</option><option value="DOMAIN2">DOMAIN2</option></select>
  </TD>
</TR>
        
Note: DOMAIN1 must be replaced with the name you prefer for the domain. You can add as many domains as you want by adding <option value="DOMAIN">DOMAIN</option> before the closing </select> tag.

  • Save the changes and copy the file to the /netscaler/ns_gui/vpn directory.

Note: Ensure that you back up the original file.
        
<strong>Create a procedure to ensure that the custom page survives a restart</strong>

  • Connect to the appliance using an SSH client such as PuTTY.

  • Type shell.

  • mkdir /var/customizations

  • cp /netscaler/ns_gui/vpn/index.html /var/customizations/

  • cd /nsconfig

  • touch rc.netscaler

  • echo cp /var/customizations/index.html /netscaler/ns_gui/vpn/index.html >> /nsconfig/rc.netscaler

Then go on and create your authentication policy, with "REQ.HTTP.HEADER Cookie CONTAINS <domain you did in the html file>"
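To see what the CONTAINS test in the policy expression actually matches, the following added example (not from the original post, and not NetScaler code) models it as a substring test over the whole Cookie header and compares it with an exact match on the domainvalue cookie. The domain names, the extra cookies and the function names are constructed for illustration.

```javascript
// Added example: a model of the matching on this page, not NetScaler code.
// Assumption: "REQ.HTTP.HEADER Cookie CONTAINS x" acts as a plain substring
// test over the whole Cookie header (case handling is not modeled).
function headerContains(cookieHeader, needle) {
  return cookieHeader.indexOf(needle) !== -1;
}

// Parse a Cookie header into a name -> value map; the first occurrence wins.
function parseCookies(cookieHeader) {
  var jar = Object.create(null);
  cookieHeader.split(";").forEach(function (pair) {
    var eq = pair.indexOf("=");
    if (eq === -1) return; // skip fragments without a name=value shape
    var name = pair.slice(0, eq).trim();
    if (!(name in jar)) jar[name] = unescape(pair.slice(eq + 1).trim());
  });
  return jar;
}

// Every domain whose CONTAINS test would be true for this header.
function policiesMatched(cookieHeader, domains) {
  return domains.filter(function (d) { return headerContains(cookieHeader, d); });
}

// Stricter model: the domainvalue cookie must equal exactly one known domain.
function exactDomain(cookieHeader, domains) {
  var value = parseCookies(cookieHeader).domainvalue;
  return domains.indexOf(value) !== -1 ? value : null;
}

// Constructed sample data: a domain list and four Cookie headers.
var DOMAINS = ["DOMAIN1", "DOMAIN2", "DOMAIN10"];
var SAMPLES = [
  "domainvalue=DOMAIN1",
  "domainvalue=DOMAIN10; theme=dark",
  "lastsite=DOMAIN2-portal; domainvalue=DOMAIN1",
  "domainvalue=OTHER"
];

// Compare both models for each sample header.
function report() {
  return SAMPLES.map(function (h) {
    return { header: h, contains: policiesMatched(h, DOMAINS), exact: exactDomain(h, DOMAINS) };
  });
}

console.log(JSON.stringify(report(), null, 2));
```

Under that assumption a value such as DOMAIN10 also satisfies the DOMAIN1 test, and so does any other cookie that happens to contain the string, so choose cookie values where none is a substring of another.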