Add enhanced request support to Netscaler

Enhanced request policy

Context

If the user is not yet authenticated, while Netscaler is configured to handle the authentication, then the first enhanced launch will fail. This is because Netscaler will not redirect the user back to the StoreFront deep link after authentication, and the user will be shown the store portal.

Solution

To fix this, an additional policy must be configured in the Netscaler to allow the custom scripts.js to read the NSC_TASS cookie which contains the original request URL.

The following steps describe how to add the rewrite policy.

1. In the Netscaler, navigate to the virtual server that is hosting the Citrix StoreFront.

2. On the bottom of the server overview page, add a policy with the policy type “Rewrite” / “Response”.

3. Click Add next to the policy selection combo box.
   

4. Configure the policy with the following parameters:
   • Name: ENHANCED_REQUEST_POLICY
   • Expression: HTTP.REQ.COOKIE.VALUE("NSC_TASS").LENGTH > 1

5. Click on Add next to Action and fill in the following information:
   • Name: ENHANCED_REQUEST_ACTION
   • Type: INSERT_HTTP_HEADER
   • Header Name: Set-Cookie
   • Expression: "ENHANCED_REQUEST=" + HTTP.REQ.COOKIE.VALUE("NSC_TASS") + "; Path=/"

6. Click Create at the bottom to add the new action to the policy. If rewrite is not enabled, you will be prompted to enable it.

7. In the Choose type page set Goto Expression to NEXT.
8. Click Bind at the bottom to add the new policy to the virtual server.

NCS_TASS Cookie

Context

The NCS_TASS cookie is set by Netscaler if authentication is required based on the referral. But this only happens when the cookie is not present. This causes issues with sessions that are expired, as the authentication is redone, but the cookie content is not updated.

Solution

To work around this, you can add a new rewrite policy that removes this cookie after the enhanced request policy you created in the previous section has copied the contents to the ENHANCED_REQUEST cookie.

1. In the Netscaler, navigate to the virtual server that is hosting the Citrix StoreFront.

2. On the bottom of the server overview page, add a policy with the policy type “Rewrite” / “Response”.

3. Click Add next to the policy selection combo box.

4. Configure the policy with the following parameters:
   • Name: CLEAR_NCS_TASS_POLICY
   • Expression: HTTP.REQ.COOKIE.VALUE("NSC_TASS").LENGTH > 1

5. Click on Add next to Action and fill in the following information:
   • Name: CLEAR_NCS_TASS_ACTION
   • Type: INSERT_HTTP_HEADER
   • Header Name: Set-Cookie
   • Expression: "NSC_TASS=;HttpOnly;Path=/;Secure;expires=Wednesday, 09-Nov-1999 23:12:40 GMT"

6. Click Create at the bottom to add the new action to the policy.

7. In the Choose type page set Goto Expression to NEXT and make sure the priority is higher than that of the ENHANCED_REQUEST_POLICY created previously.

8. Click Bind at the bottom to add the new policy to the virtual server.

Further reading

NetScaler documentation