by Sam Jacobs, CTP
With the release of NetScaler version 11, administrators have the option of configuring an End User License Agreement (EULA) that users must accept before being allowed to log on to the NetScaler. Configuring the EULA adds a checkbox to the logon page:
Note that the Log On button is grayed out until the EULA is accepted. The exact wording (what the user sees when clicking on the Terms and Conditions hyperlink) are configured by the administrator.
1) To create the EULA using the GUI, go to NetScaler > NetScaler Gateway > Resources > EULA (If you’ve already created and globally bound your EULA, skip to step 11).
2) Click Add.
3) Give your EULA a name (you can have multiple EULAs and switch between them), enter the text of the EULA, and click OK. Note that you can enter HTML codes to format your text.
4) Now, if we wanted the EULA for a specific Access Gateway vServer, we would bind the EULA under the Advanced Settings of the gateway vServer.
Here, however, we want to bind the EULA globally, so we head over to NetScaler > NetScaler Gateway > Global Settings.
5) Click on Configure an End User License Agreement.
6) Click Add Binding.
7) Click to select the EULA.
8) Select the EULA you just created…
9) … and click Bind.
10) The EULA is now bound globally. Click Close.
11) If you browse to the FQDN of your gateway vServer, you should now see the screen shown at the top of the post. Note: If you don’t see the checkbox and hyperlink, see step 15 below.
12) If you click on the Terms and Conditions hyperlink, you should see:
Notice that I specifically said the FQDN of your gateway vServer. Since the EULA is bound globally, you would expect to see the same thing for an AAA login page (you can see what an AAA login page looks like by simply replacing index.html in the URL with tmindex.html). While the actual login page looks the same, clicking on the Terms and Conditions hyperlink for the AAA login page shows:
What happened? It seems that there is an “unanticipated feature” (a “bug” in layman’s terms) in the AAA logic. Is there a workaround? Of course there is (or I wouldn’t be writing this post! :))
13) Using your favorite SCP editor, go to the /resources directory of the theme you are using, and make a backup of the language XML file(s) that you are using (e.g. en.xml for English). Open up the XML file and look for Partition id=”logon” (which contains the text strings for the logon page).
Now, the id for the EULA text is agreement, so to add the EULA, we need to add a line containing that id to the file. Since the entire string must be contained on a single line, if you wish to keep the same formatting as above, you might be tempted to simply add the following line:
Unfortunately, the above will not accomplish what you want. In fact, if you browse to the FQDN of the site, you will now see only:
Yup … just a blank page. That’s because you need to HTML-encode the < and > symbols.
14) Simply replacing each < (less than symbol) with < and each > (greater than symbol) with > (the semi-colon is mandatory) will do the trick. So the final line will look like:
Disclaimer: Source-code modifications are not supported by Citrix Support, and you may be asked to reverse any changes made. The below modification is provided as is. There is no guarantee that it will work in your environment. Test out any changes on a non-production system first, and keep a backup copy of the original file(s).
16) Make a backup copy of /netscaler/ns_gui/vpn/js/tmindex_view.js. Open the file and search for the highlighted line below:
17) Insert the highlighted line:
18) Save the file. Clear your cache and refresh the page (you may need to wait 2 mins for the NetScaler cache to purge). You should now see the checkbox and hyperlink.
19) In order to survive a reboot, you will also need to copy the modified tmindex_view.js file to /var/vpn/vpn/js (if the /js directory does not exist, create it).
20) If the NetScaler is part of an HA pair, you will need to copy the modified file into both directories of the secondary appliance, as source-level modifications are not synched between node.
Sam Jacobs is the Director of Technology Development at IPM, the longest standing Citrix Platinum Partner on the East Coast. With more than 25 years of IT consulting experience, Sam is a NetScaler customizations and integrations industry expert. He holds Microsoft MCSD, Citrix CCP-M and CCP-N certifications, and is a frequent presenter at Citrix Synergy and other IT conferences. He is one of the top Citrix support Forum contributors, and has earned industry praise for the tools he has developed to make NetScaler, StoreFront and Web Interface easier to manage for administrators and more intuitive for end users. Sam became a Citrix Technology Professional (CTP) in 2015. He may be reached at: email@example.com or on Twitter at: @WIGuru.