Often we require the End User License Agreement (EULA) to be part of the login page so that users can agree to it before signing in. However, in n-factor configuration the login UI is determined by the login schema being used. In the absence of a dedicated schema which shows EULA as well, we can use the following steps to achieve the EULA functionality along with the n-factor schema.

We need the following two things to achieve this:

Login Schema - First we need to select the Base Loginschema depending on the authentication requirements. We can choose the SingleAuth.xml, if the user is expected to provide only one password and check the EULA box, or the DualAuth.xml in case they need to provide two passwords.

We need to make a copy of this base LoginSchema and slightly modify it. We can give it a new name like “EULAWith1password.xml”.

Locate the following node in this XML:

<Requirement><Credential><ID>saveCredentials</ID><Type>savecredentials</Type></Credential><Label><Text>Remember my password</Text><Type>plain</Type></Label><Input><CheckBox><InitialValue>false</InitialValue></CheckBox></Input></Requirement>

We can place the EULA checkbox just below this. In order to do this, paste the following lines below the node described previously:

<Requirement><Credential><ID>custom-eula</ID><Type>custom-eula</Type><Input><Text><Hidden>true</Hidden><InitialValue>eula1</InitialValue></Text></Input></Credential></Requirement>

You can use third party tools like XML formatter to validate that there is no syntax errors while editing the XML file. You can also manually copy and edit these files using shell mode. The files are saved at /nsconfig/loginschema/

In the above XML node, the admin only needs to replace the name of the EULA configured with the one that they want to show to the user, which in this case is “eula1”. This assumes that the admin has already configured an EULA named “eula1” through the GUI wizard at NetScaler Gateway->Resources->EULA. You can of course change the EULA name as long as you also change the name in the XML file.

The other highlighted part is the custom credential used for the EULA – “custom-eula”. This is the name of the credential that the UI would decipher to write the client side logic for the EULA implementation. The JavaScript that would do this is pasted in the next section.

Custom JavaScript - We now need a client side script to be able to decipher our EULA and show it to the user.  Copy the following code snippet and paste it in “/var/netscaler/logon/themes/<theme-name>/script.js” directory. Create the file if it is not already present.

NOTE: This script will not run if there is not at least one Authentication Policy bound to the AAA Vserver.

It is advisable to bind a portal theme to the vserver where we need to show the EULA. This will help us keep the script file associated with the theme separate and persistent across reboots/upgrades.

The script to be pasted is:

//Customization to support EULA on AAA login page
 function eula_success (responseData, textStatus, XMLHttpRequest) {
    if(XMLHttpRequest.responseXML){
        var eulaTextNode = $(XMLHttpRequest.responseXML).find("String[id='"+ eulaName + "']");
    }
    if(eulaTextNode.length == 0)
        eulaTextNode.text("");      //Set blank EULA message.
   
    var eulaAccept = $('<a href="#" id="nsg-eula-display" style="color:#02A1C1"></a>').text(_localize('terms'));
    eulaAccept.click(function (e) {
        e.preventDefault();
        CTXS.ExtensionAPI.showMessage({
                                    localize: true, // if true try to localize messages
                                    messageText: eulaTextNode.text(), // Text of message
                                    messageTitle: "End_User_License_Agreement", // Title of message (optional)
                                    okButtonText: "OK", // Text for ok button (optional)
                                    isalert: false, // if true show an alert style message (optional)
                                    okAction: function() {}, // action to do if ok is clicked (optional)
                                });
    });
 
    var eulaChecbox = $('<div><input type="checkbox" id="nsg-eula-accept" name="nsg-eula-accept" tabindex="0"></div>');
    if(LargeUI)
        eulaChecbox.attr('style','width:385px');
    var eulaLabel = $('<label for="nsg-eula-accept"></label>').text(_localize('eula_agreement'));
    eulaLabel.append(eulaAccept);
    eulaChecbox.append(eulaLabel);
    eulaDOM = eulaChecbox;
}
 
CTXS.ExtensionAPI.addCustomCredentialHandler({
                    // Name of credential returned in form from server
                    getCredentialTypeName: function () { return "custom-eula"; },
 
                    getCredentialTypeMarkup: function (requirements) {
                        eulaDOM = "";
                        if(requirements.input.text.initialValue != "") {
                            eulaName = requirements.input.text.initialValue;
                           
                               
                                var language = $.globalization.currentCulture().name;
                                if(language == "") {
                                    language = "en";
                                }
                                $.ctxsAjax({
                                    store:null,
                                    type: 'GET',
                                    url: "/logon/themes/EULA/resources/"+ language +".xml",
                                    dataType: 'xml',
                                    async: false,
                                suppressEvents: true,
                                    success: eula_success,
                                    error: function(responseData, textStatus, XMLHttpRequest) {
                                    },
                                    refreshSession: true
                                });
                           
                        }
                        function disableFormsButton($button) {
                        // Disable the button and stop it appearing clickable
                        $button.addClass('disabled').removeAttr('href');
                    }
 
                    function enableFormsButton($button) {
                        // Enable the button and make it clickable again
                        $button.removeClass('disabled').attr('href', '#');
                    }
                    $(document).on('ctxsformsauthenticationdisplayform', function (e, data) {
                        var $form = data.authenticationElement.find('.credentialform'),
                        $eulaAcceptCheckbox = $form.find('#nsg-eula-accept'),
                        $loginButton = $form.find('#loginBtn');
                        if ($eulaAcceptCheckbox.length && $loginButton.length) {
                          // This is a EULA form
                          // Disable the submit button by default
                          disableFormsButton($loginButton);
                          // Add the custom behaviour for the checkbox
                          $eulaAcceptCheckbox.on('click', function () {
                            if (this.checked) {
                                enableFormsButton($loginButton);
                            } else {
                                disableFormsButton($loginButton);
                            }
                          });
                      }
                   
                  });
                    return eulaDOM;
                }
            });
 
/*
*** END OF EULA SCRIPT ****
*/

Save this file and then bind the custom theme to the vserver.

After configuring the new login schema “EULAWith1password.xml” that is to be used as AuthenticationSchema in the LoginSchema policy, the users logging in will be able to read the EULA document as well and would be required to check it before logging in.

Note: For the best UI result with this configuration, use the RfWebUI based theme.
 

The above mentioned sample code is provided to you as is with no representations, warranties or conditions of any kind. You may use, modify and distribute it at your own risk. CITRIX DISCLAIMS ALL WARRANTIES WHATSOEVER, EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT. Without limiting the generality of the foregoing, you acknowledge and agree that (a) the sample code may exhibit errors, design flaws or other problems, possibly resulting in loss of data or damage to property; (b) it may not be possible to make the sample code fully functional; and (c) Citrix may, without notice or liability to you, cease to make available the current version and/or any future versions of the sample code. In no event should the code be used to support ultra-hazardous activities, including but not limited to life support or blasting activities. NEITHER CITRIX NOR ITS AFFILIATES OR AGENTS WILL BE LIABLE, UNDER BREACH OF CONTRACT OR ANY OTHER THEORY OF LIABILITY, FOR ANY DAMAGES WHATSOEVER ARISING FROM USE OF THE SAMPLE CODE, INCLUDING WITHOUT LIMITATION DIRECT, SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL OR OTHER DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Although the copyright in the code belongs to Citrix, any distribution of the sample code should include only your own standard copyright attribution, and not that of Citrix. You agree to indemnify and defend Citrix against any and all claims arising from your use, modification or distribution of the sample code.

This article describes how to use the EULA feature with NetScaler n-Factor schema.