Authentication, authorization, and auditing application traffic

Set a cookie using nFactor

You can apply the nFactor custom labels and set a cookie as a factor of the authentication flow. Through custom labels, you can use JavaScript to manipulate the login schema.

To set a cookie as a factor, you do not need to display any information to the user, which is performed with a no schema login. Instead, you must interact with the user’s browser to instruct the login schema to store the desired data. A login schema is required to set the cookie when the page is loaded. The cookie is set with a custom label and JavaScript code.

To implement a factor that sets a cookie, create an XML file called cookie.xml to store the schema in the /nsconfig/loginschema/ directory with the following content:

<?xml version="1.0" encoding="UTF-8"?>
<AuthenticateResponse xmlns="http://citrix.com/authentication/response/1">
<Status>success</Status>
<Result>more-info</Result>
<StateContext></StateContext>
<AuthenticationRequirements>
<PostBack>/nf/auth/doAuthentication.do</PostBack>
<CancelPostBack>/nf/auth/doLogoff.do</CancelPostBack>
<CancelButtonText>Cancel</CancelButtonText>
<Requirements>

<Requirement>
<Credential><ID>nsg_cookie</ID><Type>nsg_cookie</Type></Credential>
<Label><Text>Logon Type:</Text><Type>Plain</Type></Label>
</Requirement>

<Requirement>
<Credential><ID>loginBtn</ID><Type>none</Type></Credential>
<Label><Type>none</Type></Label><Input><Button>Log On</Button></Input>
</Requirement>

</Requirements>
</AuthenticationRequirements>
</AuthenticateResponse>

In this XML;

  • The custom label nsg_cookie is used to create the cookie and submit the form, and the form button.
  • The RfWebUI_custom is the new Portal theme based on the RfWebUI theme.
  1. Create a portal theme based on the RfWebUI theme.

    add vpn portaltheme RfWebUI_custom -basetheme RfWebUI
    

    This command creates a folder for this theme at /var/netscaler/logon/themes/RfWebUI_custom

  2. Edit the file /var/netscaler/logon/themes/RfWebUI_custom/script.js and add the following script:

    CTXS.ExtensionAPI.addCustomCredentialHandler({
        // The name of the credential, must match the type returned by the server
        getCredentialTypeName: function () { return "nsg_cookie"; },
        // Generate HTML for the custom credential
        getCredentialTypeMarkup: function (requirements) {
            var div = $("<div></div>");
            $(document).ready(function() {
            //Set cookie valid for 1000 days
            var exdays = 1000;
            var d = new Date();
            d.setTime(d.getTime() + (exdays*24*60*60*1000));
            var expires = "expires="+ d.toUTCString();
            document.cookie = "NSC_COOKIE_NAME=CookieValeu;" + expires + ";path=/";
    
            //Submit form
            document.getElementById('loginBtn').click();
            });
            return div;
        }
    });
    

    This code performs the following:

    • Waits for the browser to finish loading the page
    • Sets a cookie called NSC_COOKIE_NAME with the value CookieValue, valid for 1000 days
    • Auto-submits the form.

    The cookie is created and the user does not need to interact with the page.

  3. Create a login schema to bind to the policy label that represents the set cookie factor.

    add authentication loginSchema Cookie_LS -authenticationSchema "/nsconfig/loginschema/cookie.xml"
    
  4. Create a NO_AUTHN authentication policy to bind to the policy label that represents the set cookie factor.

    add authentication Policy NO_AUTHN_POL -rule TRUE -action NO_AUTHN
    

    This policy always evaluates as true, moving the user to the next factor or completing the authentication flow.

  5. Bind the portal theme RfWebUI_custom to the Citrix Gateway virtual server or Citrix ADC AAA virtual server.

Set a cookie using nFactor