Update 05-04-2021: Changed the loginschema to show the link above login button and changed script.js to match css.

Update 23-12-2021: Removed typo in the login schema, thanks Sander Bierman 😉

You are probably reading this as you found out the hard way that rewriting the logon page (AAA virtual server / authentication profiles) is not working/supported. But you do want that extra line in there 😉 Here’s a little tutorial explaining how to do this.

First you need to know that this only works when using custom login schema’s. So when this is needed on a gateway you need to use the authentication profiles features of the Citrix ADC. When you have this is place and working as expected you can continue.

Open the script.js file from your custom theme (located at /var/netscaler/logon/themes/<custom theme name>/script.js)

Add the following part: (Change the link and text to your own convenience)

Here a screenshot how it should look:

Now open your custom logon schema you are using within your authentication profile to edit it. It can by found in /flash/nsconfig/loginschema

Add the following line as last requirement: <Requirement><Credential><Type>nsg-custom-cred</Type><ID>passwd</ID></Credential><Label><Type>nsg-custom-label</Type></Label>

Here is an example of the created loginschema:

Now open your authentication page and you should see the link inserted:

Tested on versions 12.1 and 13


Jeroen Tielen

Experienced Consultant/Architect with a demonstrated history of working in the information technology and services industry. Skilled in Citrix, Microsoft, VMware, Ivanti, etc.

16 Comments

Tobias Hoffmann · July 21, 2021 at 13:05

Hi, i used your Blog to get a Link in our Login Page. But when i Use this string in the loginschema (nsg-custom-credpasswdnsg-custom-label) I got this error in my Netscler config GUI: Cannot read property ‘type’ of undefined

Here is my complete schema:

success
more-info

/nf/auth/doAuthentication.do
/nf/auth/doLogoff.do
Cancel

loginExplicitForms-Usernameusernameprefiluserfromexpr_user_namensg-login-labelprefiluserfromexpr_please_supply_either_domain\username_or_user@fully.qualified.domainfalsetrue${http.req.user.name}.+
passwdExplicitForms-Passwordpasswordprefiluserfromexpr_passwordnsg-login-labeltruefalse.+
noneprefiluserfromexpr_second_factornsg_confirmation
saveCredentialssavecredentialsprefiluserfromexpr_remember_my_passwordnsg-login-labelfalse
loginBtnnonenoneprefiluserfromexpr_log_on

Do you Have any Ideas for me?

    Jeroen Tielen · July 23, 2021 at 09:21

    Hi Tobias,

    Use the CLI/WINSCP.

    Best regards, Jeroen.

Alex Eckersley · August 25, 2021 at 11:37

Hi Jeroen,

We are curently on NetScaler NS12.1: Build 62.27.nc and I tried to add the password reset link just as you stated but nothing shows up.

The script.js was empty and I pasted your code there ans changed the URL.
The I added the line in the login schema as second-last requirement. I noticed that it missed a “” at the end but it is in your coding.
Also I noticed that the “” in your code is before the loginBtn requirement. In the original code it was at the end. I played around with that but to no avail.
Could it be a problem with CSS?

    Jeroen Tielen · August 25, 2021 at 11:48

    Which portal theme are you using? Try the rfwebui.

      Alex Eckersley · August 25, 2021 at 11:50

      We use a custom rfwebui

        Jeroen Tielen · August 31, 2021 at 09:32

        Hi Alex, the best you can do is create a new theme (based in rfwebui) and start from scratch.

          Alex Eckersley · August 31, 2021 at 10:19

          We’ll do that, thanks anyway.

Mike Geubel · November 17, 2021 at 09:27

I created a custom theme based upon the RfWebUI theme. I entered the part in the first step in /var/netscaler/logon/themes//script.js, but I don’t have a custom logon theme file in /flash/nsconfig/loginschema.

I tried adding the line into /var/netscaler/logon/LogonPoint/LogonUI.html and /flash/nsconfig/loginschema/LoginSchema/SingleAuth.xml, but both didn’t work.

Do you know what I need to do?

    Jeroen Tielen · November 17, 2021 at 13:03

    Hi Mike, mandatory step is to use authentication profiles.

Tony S · January 7, 2022 at 12:24

Thank you for this guide, it was really helpful, without this I would’ve used way more time to figure this out.

Is there a way to center the text under Login button? Not necessary, but would be a nice touch.

    Jeroen Tielen · January 7, 2022 at 12:25

    Yes that is possible. Just add the center tags ;).

Amey · March 9, 2023 at 03:41

Hi Jeroen, Thanks for the writeup, it’s great. I am trying to to upgrade the netscaler firmware to 13.1. we are on 13 train now. in order to do that i am currently working on 2 pre-requisites.
1. make use of RFWEBGUI theme as X1 is deprecated to be used in 13.1
2. convert basic policies to Advanced policies.

I need some help on number 1. I understand i need to use Nfactor Auth alongwith RFWEBGUI theme to achieve the required outcome. I followed citrix article to configure Nfactor. however i get error “not a privileged user” after login. i think that is because the domain field not specified and the session policy may be looking for domain cookie. I wanted to add the “domain” field (not the domain dropdown but just a domain field like Password e.g.) so users can enter the domain name and login. It looks like i would need to work through the script.js in the logon\custom folder , can you please help me with some tips on the code?

NYer · March 16, 2023 at 16:22

Hi. I have version 13.1 and my custom theme was done in gui and is not the default. I also use the authentication profile. However; all I have under “/flash/nsconfig/loginschema/” is a folder called LoginSchema with a bunch of XML files from 2 years ago. What is going on?

Thanks

NYer · March 16, 2023 at 16:37

I forgot to mention that I have the STANDARD version of the citrix gateway (not enterprise or platinum)…

Michal · April 20, 2023 at 14:54

Hello Jeroen,
thank you for the perfect tutorial. I have one question: is the change in loginschema visible immediately, or the restart of the appliance is required?

    Jeroen Tielen · April 26, 2023 at 10:01

    Should be shown immediately, but caching can be a PITA 😉

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: