Add enhanced request support to Netscaler
  • 08 Nov 2023
  • 2 Minutes to read
  • Dark
    Light
  • PDF

Add enhanced request support to Netscaler

  • Dark
    Light
  • PDF

Article Summary

Enhanced request policy

Context

If the user is not yet authenticated, while Netscaler is configured to handle the authentication, then the first enhanced launch will fail. This is because Netscaler will not redirect the user back to the StoreFront deep link after authentication, and the user will be shown the store portal.

Solution

To fix this, an additional policy must be configured in the Netscaler to allow the custom scripts.js to read the NSC_TASS cookie which contains the original request URL.

The following steps describe how to add the rewrite policy.

  1. In the Netscaler, navigate to the virtual server that is hosting the Citrix StoreFront.

  2. On the bottom of the server overview page, add a policy with the policy type “Rewrite” / “Response”.

  3. Click Add next to the policy selection combo box.
    add enhanced-1

  4. Configure the policy with the following parameters:
    Name: ENHANCED_REQUEST_POLICY
    Expression: HTTP.REQ.COOKIE.VALUE("NSC_TASS").LENGTH > 1

  5. Click on Add next to Action and fill in the following information:
    Name: ENHANCED_REQUEST_ACTION
    Type: INSERT_HTTP_HEADER
    Header Name: Set-Cookie
    Expression: "ENHANCED_REQUEST=" + HTTP.REQ.COOKIE.VALUE("NSC_TASS") + "; Path=/"

add enhanced-2

  1. Click Create at the bottom to add the new action to the policy. If rewrite is not enabled, you will be prompted to enable it.

add enhanced-3

  1. In the Choose type page set Goto Expression to NEXT.
  2. Click Bind at the bottom to add the new policy to the virtual server.

add enhanced-4

Context

The NCS_TASS cookie is set by Netscaler if authentication is required based on the referral. But this only happens when the cookie is not present. This causes issues with sessions that are expired, as the authentication is redone, but the cookie content is not updated.

Solution

To work around this, you can add a new rewrite policy that removes this cookie after the enhanced request policy you created in the previous section has copied the contents to the ENHANCED_REQUEST cookie.

  1. In the Netscaler, navigate to the virtual server that is hosting the Citrix StoreFront.

  2. On the bottom of the server overview page, add a policy with the policy type “Rewrite” / “Response”.

  3. Click Add next to the policy selection combo box.

  4. Configure the policy with the following parameters:
    Name: CLEAR_NCS_TASS_POLICY
    Expression: HTTP.REQ.COOKIE.VALUE("NSC_TASS").LENGTH > 1

  5. Click on Add next to Action and fill in the following information:
    Name: CLEAR_NCS_TASS_ACTION
    Type: INSERT_HTTP_HEADER
    Header Name: Set-Cookie
    Expression: "NSC_TASS=;HttpOnly;Path=/;Secure;expires=Wednesday, 09-Nov-1999 23:12:40 GMT"

  6. Click Create at the bottom to add the new action to the policy.

  7. In the Choose type page set Goto Expression to NEXT and make sure the priority is higher than that of the ENHANCED_REQUEST_POLICY created previously.

  8. Click Bind at the bottom to add the new policy to the virtual server.

Further reading

NetScaler documentation


Was this article helpful?