This post has been updated HERE to achieve the same goal only using NetScaler Rewrite and Responder so we no longer need to modify any files on the NetScaler.
Use the below method if you do not have NetScaler Standard, Enterprise or Platinum edition licensing
For those who may have read my guide to customizing NetScaler Gateway 10.1 UI for Swivel integration (https://www.stuartc.net/blog/tech/swivel-integration-netscaler-10-1/), here’s an update for version 11.0 build 62.10!
For the moment I’ve settled for modifying a copy of the default files rather then doing it all in rewrite and responder because there isn’t enough time in the day 🙂 I may update later without if I get a chance.
Not much has changed really from a Pinsafe point of view, we still want to load js function, add a ‘get code’ button and view a turing image. Easy.
Due to Portal themes being introduced in NetScaler 11.0 the NetScaler UI files have been rewritten to make the application of themes parameters possible, which is good!
The only problem is none of these changes are documented by Citrix, which is bad..
We start off by copying the default /vpn/js/gateway_login_form_view.js and and call it /vpn/js/gateway_login_form_view_pinsafe.js
The modify the folowing areas of this new file:
You can download the full file from here: http://i.stuc.uk/gatewayloginformviewpinsafejs
Remmeber to copy the modified /vpn/js/gateway_login_form_view_pinsafe.js file to the /var/vpn/vpn/js/ directory so it’s automatically copied into memory at startup.
Once this is complete you will need 2 rewrite policies inject your custom pinsafe .js files into the /vpn/index.html and a responder to present the pinsafe function .js file.
These can be created with the following commands (you may need to highlight the below lines of text as my wordpress theme cuts off the end – will fix one day)
Create a rewrite action and policy to use our customized /vpn/js/gateway_login_form_view_pinsafe.js file rather then the default add rewrite action ReAct_pinsafe_form_view replace_all "HTTP.RES.BODY(120000)" q{"<script type=\"text/javascript\" src=\"/vpn/js/gateway_login_form_view_pinsafe.js\"></script>"} -search q{text("<script type=\"text/javascript\" src=\"/vpn/js/gateway_login_form_view.js\"></script>")} add rewrite policy RePol_pinsafe_form_view "HTTP.REQ.URL.EQ(\"/vpn/index.html\")" ReAct_pinsafe_form_view Create a responder action and policy to return the pinsafe js funciton. Replace <PINSAFEFQDN> with the extenral FQDN for your pinsafe turing image. add responder action ResAct_pinsafe.js respondwith "\"var pinsafeUrl = \\\"https://<PINSAFEFQDN>:8443/proxy/\\\";\n\"+\"\nfunction showImage(sUrl) {\n\tsUser = document.getElementsByName(\\\"login\\\")[0].value;\n\tif (sUser==\\\"\\\") {\n\t\tdocument.getElementsByName(\\\"login\\\")[0].focus();\n\t} else {\n \"+\"\n\t\t// Find the image using Mozilla compatible approach...\n\t\tvarImg = document.getElementById(\\\"imgTuring\\\");\n \"+\"\n\t\t//Set the image SRC and make it visible\n\t\tvarImg.src = sUrl + \\\"?username=\\\" + sUser + \\\"&random=\\\" + Math.round(Math.random()*100000);\n \"+\"\n\t\tvar imgDiv = document.getElementById(\\\"turingDiv\\\");\n\t\timgDiv.style.display = \\\"\\\";\n\t}\n}\n\"+\"\nfunction showTuring() {\n\tshowImage(pinsafeUrl + \\\"SCImage\\\");\n}\n\"+\"\nfunction sendMessage() {\n\tshowImage(pinsafeUrl + \\\"DCMessage\\\");\n}\"\n" add responder policy ResPol_pinsafe.js "HTTP.REQ.URL.EQ(\"/vpn/pinsafe.js\")" ResAct_pinsafe.js Create a rewrite action and policy to include our pinsafe.js file when /vpn/index.html loads
add rewrite action ReAct_pinsafe.js insert_after_all "HTTP.RES.BODY(12000)" q{"<script type=\"text/javascript\" src=\"/vpn/pinsafe.js\"></script>"} -search q{text("<script type=\"text/javascript\" src=\"/vpn/login.js\"></script>")} add rewrite policy RePol_pinsafe.js "HTTP.REQ.URL.EQ(\"/vpn/index.html\")" ReAct_pinsafe.js Bind to the NetScaler Gateway virutal server that requires Swivel integration bind vpn vserver VSrv_Gateway -policy RePol_pinsafe.js -priority 90 -gotoPriorityExpression NEXT -type RESPONSE bind vpn vserver VSrv_Gateway -policy RePol_pinsafe_form_view -priority 100 -gotoPriorityExpression NEXT -type RESPONSE bind vpn vserver VSrv_Gateway -policy ResPol_pinsafe.js -priority 200 -gotoPriorityExpression END -type REQUEST That should be it! Enter your username and click 'Get Code'
I will change my password 2 prompt later as it’s friday and beer i calling my name 🙂 Hope this helps – any questions let me know in the comments or by email (stuart@stuartc.net)
Wow this is awesome and so much easier than swivel kb article for netscaler 11.
But I have a problem that sometimes the ‘get code’-button is not clickable anymore. Then users can type into the button. Users have to reload several times until the button is clickable again.
Any hints?
Thank you so much for this fantastic and detailed how-to. I have used it on our NetScalers and its working beautifully for our IE & Chrome browsers but its only working on older Safari devices. The latest (iOS 10.0 & MacOS 10.x) browsers wont load the image and upon inspecting the page, I see the error “Cancelled resource load from https://xxxxxxxx/vpn/pinsafe.js because it is using HTTP/0.9 and the document was loaded with a different HTTP version.”
Have you any ideas please as I have been hunting for a couple of days now and found absolutely nothing useful 🙁
Thanks in advance!
Is there a similar way of doing this for Swivel PinPad?