different target url to different stores

Started by Matthias Schlimm, 31 January 2017 - 05:04 AM
4 replies to this topic


Matthias Schlimm (Members, 59 posts)

Posted 31 January 2017 - 05:04 AM


Based on the target URL, users must be authenticated by CAG (with SAML) and routed to different stores.

External URL -> internal URL:
https://ext.comp.com?app=CTXApp1 -> https://storefront.internal.com/Citrix/CTXApp1Web
https://ext.comp.com?app=CTXApp2 -> https://storefront.internal.com/Citrix/CTXApp2Web

For testing I have set up a NetScaler Gateway with a standard session policy and profile; this works fine with the SAML authentication.

Question:

  • How can I address this solution? Do I need a CS before CAG, or can I use the rewrite feature in CAG without using CS?
  • What are the right policies and actions?

thx for all your help

regards
Matthias
 

 

 



Tobias Richter (Members, 3 posts)

Posted 07 April 2017 - 06:22 PM

I want to achieve the same goal. I have a NetScaler VPX configured with StoreFront and want to reach another store through the same VIP.

 

https://apps.url.com -> https://apps.url.com/Citrix/aaaWeb (This Store is working already)

https://apps.url.com/bbb -> https://apps.url.com/Citrix/bbbWeb

https://apps.url.com/ccc -> https://apps.url.com/Citrix/cccWeb

 

How should I configure it through the NetScaler VPX? Version 11.1



Matthias Schlimm (Members, 59 posts)

Posted 07 April 2017 - 08:35 PM

We have configured this very simply, with session policies.

Expression:

REQ.HTTP.HEADER Referer == https://apps.url.com/bbb

This policy is using the session profile for https://apps.url.com/Citrix/bbbWeb

For each URL you must configure a separate policy and profile.



Rhonda Rowland (Members, 79 posts)

Posted 07 April 2017 - 08:45 PM

You got the header answer before I finished this.

 

Assuming the URLs are the gateway URLs, you've got an issue trying to use the URL path. (If it's not the gateway URL, then you may have options.) While policies based on URL contents are easy to evaluate, they don't work well in this scenario. Calls to the VPN vserver will drop custom paths and be replaced with the default gateway path: https://gateway.company.com/aaaweb becomes https://gateway.company.com/vpn/index.html.

 

So by the time you want to use the URL path to determine which session policy to apply, the path isn't present to evaluate.

 

As you saw, custom headers can be used instead. Also, the old domain drop-down list modification for the gateway logon page shows how to insert a cookie and then evaluate this cookie to trigger which session policy you want. We've used that customization to direct traffic to specific stores, based on a drop-down list on the gateway page. Instead of using it for domain selection in authentication, we use it for store selection to trigger specific session policies.

NOTE: this customization would have to be implemented slightly differently with the NS 11.x portal themes. But it would still be a manual customization outside of the theme handling.

 

The domain drop-down customization: https://support.citrix.com/article/CTX118657 (NS v10, 10.1 customization)

NetScaler 11.x version of the article: https://support.citrix.com/article/CTX203873 (NS v11.x)


Best Answer
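
The two selection methods discussed above (Referer header and a store cookie set on the logon page), written out as NetScaler CLI with classic session-policy expressions. This is an added example, not configuration posted by any participant; the vserver, policy and action names and the `store` cookie are hypothetical. Both values are supplied by the client, so these policies should only pick the landing store and never stand in for an access decision.

```netscaler
# Added example. Hypothetical names: vs_gateway, act_store_*, pol_*,
# and the "store" cookie written by a customized logon page.

# One session action (profile) per store; only the home page differs.
add vpn sessionAction act_store_aaa -wihome "https://apps.url.com/Citrix/aaaWeb" -icaProxy ON -ssoCredential PRIMARY
add vpn sessionAction act_store_bbb -wihome "https://apps.url.com/Citrix/bbbWeb" -icaProxy ON -ssoCredential PRIMARY
add vpn sessionAction act_store_ccc -wihome "https://apps.url.com/Citrix/cccWeb" -icaProxy ON -ssoCredential PRIMARY

# Variant 1: select on the Referer header. The request path itself is
# already /vpn/index.html when the session policy is evaluated.
add vpn sessionPolicy pol_bbb_referer "REQ.HTTP.HEADER Referer == https://apps.url.com/bbb" act_store_bbb
add vpn sessionPolicy pol_ccc_referer "REQ.HTTP.HEADER Referer == https://apps.url.com/ccc" act_store_ccc

# Variant 2: select on a cookie set by the logon-page drop-down.
add vpn sessionPolicy pol_bbb_cookie "REQ.HTTP.HEADER Cookie CONTAINS store=bbb" act_store_bbb
add vpn sessionPolicy pol_ccc_cookie "REQ.HTTP.HEADER Cookie CONTAINS store=ccc" act_store_ccc

# Catch-all: anything without a recognized selector lands on the default store.
add vpn sessionPolicy pol_default_store ns_true act_store_aaa

# Lower priority number wins, so the selectors are evaluated before the
# catch-all. Bind either the Referer or the cookie variant, not both.
bind vpn vserver vs_gateway -policy pol_bbb_cookie -priority 80
bind vpn vserver vs_gateway -policy pol_ccc_cookie -priority 90
bind vpn vserver vs_gateway -policy pol_default_store -priority 100
```

The catch-all at the highest priority number keeps a missing or tampered selector from producing a session with no home page set.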

Tobias Richter (Members, 3 posts)

Posted 10 April 2017 - 08:26 PM

Thank you both for your replies!!

 

Rhonda, you hit the point exactly. I already had the idea to use different session policies and profiles, with the exact problem that the URL always turns into /vpn/index.html instead of the designated /bbb or /Citrix/bbbWeb.

 

I have not used the customization of the frontend GUI to add a field for store choice. I will evaluate this one and will give you feedback on whether this suits my challenge.

 

Thanks, I will update you once finished!