Under your NetScaler Gateway, you can configure multiple session policies for multiple domains. This lets users from different domains SSO automatically into their respective environment.
This means that you can have, say, a forest with 6 different domains. When a staff member hits your external NetScaler login page, they choose their respective domain and log in.
The NetScaler will pass the authentication attempt through to the correct domain. But how does it do this? How does it know which domain you selected? Let's look at our session policies below:
In this pic:
* We have 3 domains (domain1, domain2 and domain3)
* We have 2 policies for each domain (one for native receiver and one for receiver web)
* We have a general iOS policy
The key part to take note of is the “REQ.HTTP.HEADER Cookie CONTAINS domain1”. This is how the NetScaler chooses which domain to auth you to.
But how is that cookie set? What sets the cookie value to “domain1”?
The answer lies in the NetScaler index.html. I’m short on time, so here is the cliff-notes version of what to do:
SCP onto your NetScaler and edit /netscaler/ns_gui/vpn/index.html
Locate the following section (should be around line 35-40):
* Add the following line
* The next two lines should read as follows:
* Insert the following string into the onSubmit tag: storeValues(this);"
* The HTML code should now read as follows:

To create a drop-down menu, complete the following procedure:

* On the same index.html page, locate the following line:
* Add the following line immediately after the preceding line:

Note: DOMAIN1 must be replaced with the name you prefer for the domain. You can add as many domains as you want by adding <option value="DOMAIN">DOMAIN</option> before the </select> section.

* Save the changes and copy the file to the /netscaler/ns_gui/vpn directory.

Note: Ensure that you back up the original file.

Create a procedure to ensure that the Custom Page endures a restart

* Connect to the appliance using an SSH client such as PuTTY.
* Type shell.
* mkdir /var/customizations
* cp /netscaler/ns_gui/vpn/index.html /var/customizations/
* cd /nsconfig
* touch rc.netscaler
* echo cp /var/customizations/index.html /netscaler/ns_gui/vpn/index.html >> /nsconfig/rc.netscaler

THEN go on and create your authentication policy, with "REQ.HTTP.HEADER Cookie CONTAINS <domain you did in the html file>"
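
Because the policy expression is a substring test over the whole client-supplied Cookie header, domain values that overlap (or that show up in some other cookie) can select more than one policy. The check below is an added example, not code from the original post or from Citrix: it models CONTAINS as a case-insensitive substring match (an assumption), and the cookie name domainchoice, the fourth domain domain10 and the sample headers are constructed for illustration.

```javascript
// Added example. Models "REQ.HTTP.HEADER Cookie CONTAINS <value>" as a
// case-insensitive substring test over the whole header (assumption).
function cookieContains(cookieHeader, value) {
  return cookieHeader.toLowerCase().includes(value.toLowerCase());
}

// Every policy value that a given Cookie header would satisfy.
function matchingPolicies(cookieHeader, policyValues) {
  return policyValues.filter((v) => cookieContains(cookieHeader, v));
}

// Pairs [shorter, longer] where one value is a substring of another, so a
// user who selected `longer` also satisfies the policy written for `shorter`.
function overlappingValues(policyValues) {
  const pairs = [];
  for (const shorter of policyValues) {
    for (const longer of policyValues) {
      if (shorter !== longer && cookieContains(longer, shorter)) {
        pairs.push([shorter, longer]);
      }
    }
  }
  return pairs;
}

// Policy values that match cookies other than the domain-selection cookie.
function matchesInOtherCookies(cookieHeader, domainCookieName, policyValues) {
  const others = cookieHeader
    .split(";")
    .map((c) => c.trim())
    .filter((c) => c.split("=")[0] !== domainCookieName)
    .join("; ");
  return matchingPolicies(others, policyValues);
}

// Constructed sample data: domain10 and the cookie names are hypothetical.
const POLICY_VALUES = ["domain1", "domain2", "domain3", "domain10"];
const SAMPLE_HEADERS = [
  "domainchoice=domain2; lang=en",
  "domainchoice=domain10",
  "domainchoice=domain3; lastsite=portal.domain1.example",
];

for (const header of SAMPLE_HEADERS) {
  console.log(header, "->", matchingPolicies(header, POLICY_VALUES));
}
console.log("overlaps:", overlappingValues(POLICY_VALUES));
console.log("other cookies:",
  matchesInOtherCookies(SAMPLE_HEADERS[2], "domainchoice", POLICY_VALUES));
```

Run it against the values used in your own policy expressions before adding a new domain; an empty result from overlappingValues means no value is a substring of another.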