Friday, July 10, 2009

How to Add a Pull-down Menu to allow end user choices between SSLVPN, Web Interface, and other connection types.

By: Rick Rohne
This article describes how to add a pull-down menu with connection type choices on the logon page for Access Gateway Enterprise Edition. The selections are then analyzed by the session policy.


Background
By default Access Gateway Enterprise Edition uses group extraction and EPA scans to determine what kind of connection a user can make. Access Gateway Enterprise also has a client choices screen after authentication that can provide end user selections. Client choices, however, does not always offer the best solution for some users.

The following are typical reasons why you would give users a selection box before authentication:


1. Some users cannot install the ActiveX controls for EPA scans because they lack administrative rights or use a browser other than Internet Explorer.
2. You may wish to offer up a SharePoint site or Outlook Web Access site as the clientless home page. Client Choices cannot give end users choices on their home page.
3. An organization may have different security policies on different VPN methods (such as split tunneling on or off, or different authorization policies).


Procedure


The file mentioned in this article is found under /netscaler/ns_gui/vpn.

Create a cookie on the user's workstation
This procedure creates a cookie on the user's workstation, which will be evaluated by the session policy. The name of the cookie is NSCookie.
1. Download index.html to your workstation.
2. Open the file for editing with your preferred document editor software.
3. Locate the following section:


</SCRIPT>


4. Add the following on the next available line:

<script>
// Read the selected connection type from the pull-down and store it in NSCookie.
function setCookieVal() {
  var selectBox = document.getElementById("myList");
  var value = selectBox.options[selectBox.selectedIndex].value;
  setCookie("NSCookie", value);
}
// Write a cookie for path "/". expiredays is optional and defaults to 1 day.
function setCookie(c_name, value, expiredays) {
  var exdate = new Date();
  exdate.setDate(exdate.getDate() + (expiredays || 1));
  document.cookie = c_name + "=" + value + ";path=/;expires=" + exdate.toUTCString();
}
</script>

Create the actual pull-down menu:
1. In the same index.html, choose an area in the body to create the drop-down menu.
2. Add the following code.


<FORM NAME="myform">
<SELECT NAME="myList" id="myList" onchange="javascript:setCookieVal()">
<OPTION VALUE="m1">Connect using defaults
<OPTION VALUE="m2">Connect to my Computer
<OPTION VALUE="m3">Connect to my Applications
</SELECT>
</FORM>


(Note: you can add as many OPTIONS as you wish. The values m(x) will be used to match up against a session policy.)


Next, we need to ensure that the form is evaluated when the page is loaded.

1. Find the line that begins the body:
<BODY id=bodyTag onload="ns_fillName();">

2. Add setCookieVal() to the line. The line should read:
<BODY id=bodyTag onload="ns_fillName();setCookieVal();">


3. Save the changes and copy the file to the /netscaler/ns_gui/vpn directory.
Note: make sure to back up the original file.

Create a procedure to allow the custom page to survive a reboot:
1. Connect to the appliance using an SSH client such as PuTTY.
2. Type shell.
3. Make a directory on the hard drive to hold the custom file.
mkdir /var/customizations
4. Copy the modified page to the new directory.
cp /netscaler/ns_gui/vpn/index.html /var/customizations/
5. Create a startup script file called rc.netscaler under /nsconfig (if one is not already present).
cd /nsconfig
touch rc.netscaler
6. Append the copy command to rc.netscaler.
echo cp /var/customizations/index.html /netscaler/ns_gui/vpn/index.html >> /nsconfig/rc.netscaler

Next, you must modify the session policies to be based on the presence of the cookie instead of the default "true value".
The expression syntax would look similar to the following:
add vpn sessionPolicy POL_WI_Cookie "REQ.HTTP.HEADER Cookie CONTAINS m3" WI_ONLY_Profile
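
The policy above tests the whole Cookie header for a substring, so it can match more than the NSCookie value alone. The following added example (not from the original article; the function names and sample headers are constructed, and treating CONTAINS as a plain substring search is an assumption) compares that match with an exact match on NSCookie and flags option values that collide, such as m1 and m10.

```javascript
// Constructed sample Cookie headers, as a browser might send to the logon page.
const SAMPLE_HEADERS = [
  "NSCookie=m3",
  "NSCookie=m1; theme=m3",   // an unrelated cookie happens to carry "m3"
  "NSCookie=m30",            // a longer option value that starts with "m3"
  "lang=en; NSCookie=m2",
];

// Assumption: models "REQ.HTTP.HEADER Cookie CONTAINS <token>" as a substring
// search over the entire Cookie header value.
function containsMatch(cookieHeader, token) {
  return cookieHeader.includes(token);
}

// Split a Cookie header into name/value pairs; the first occurrence of a name wins.
function parseCookies(cookieHeader) {
  const jar = new Map();
  for (const part of cookieHeader.split(";")) {
    const eq = part.indexOf("=");
    if (eq < 0) continue;                       // skip malformed fragments
    const name = part.slice(0, eq).trim();
    if (!jar.has(name)) jar.set(name, part.slice(eq + 1).trim());
  }
  return jar;
}

// Stricter test: only the NSCookie cookie counts, and its value must be equal.
function exactMatch(cookieHeader, token) {
  return parseCookies(cookieHeader).get("NSCookie") === token;
}

// Headers the substring policy would accept although NSCookie is not the token.
function falsePositives(headers, token) {
  return headers.filter(h => containsMatch(h, token) && !exactMatch(h, token));
}

// Pairs [a, b] of OPTION values where a policy written for a also matches b.
function collidingOptions(values) {
  const pairs = [];
  for (const a of values)
    for (const b of values)
      if (a !== b && b.includes(a)) pairs.push([a, b]);
  return pairs;
}

console.log(falsePositives(SAMPLE_HEADERS, "m3"));
console.log(collidingOptions(["m1", "m2", "m3", "m10"]));
```

Choosing option values that are not substrings of each other or of other cookies' contents keeps each policy bound to one selection. The cookie is written by the browser, so it expresses a user preference between session profiles and is not an authorization check.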



More Information


The user will then be given a drop-down menu on the default logon page. The cookie will be placed on their workstation and evaluated by the session policies. m1 is the default, which should always match the user's default connection, while m2, m3, etc. will match other session policies.

