How to hide secondary password field for login page of NetScaler Gateway

Create the following rewrite policy and action to hide secondary password field from NetScaler Login page.

Please follow the below steps, to match the configuration that worked to remove the secondary password field:

1. Open your NS GUI, click on Configuration and open the NetScaler Gateway section.

2. Go to your Gateway vServer and open the Policies menu.

3. Click on the + button.

4. Choose Policy “Rewrite” and Choose Type “Response” , exactly the same as the image below :

5. Go to Policy Binding and Click on Add.

6. Edit the fields of the Rewrite Policy like in the image below, with the expression “HTTP.REQ.HEADER(User-Agent).CONTAINS(AGEE).NOT” :

7. At the Action field, click on Add bottom.

8. Create the Action like in the image below, with the following expression “
pwcount= + 1” :

9. Click on Create bottom, with the Remove_Password_Action selected in the Action field.

10. Bind the policy to the Gateway vServer.

11. Click on Done, save the configuration and Test.

Working with Browser :

This rewrite policy works with Web Browser, however it will not functions the same with Receiver.


NOTE: Remember that the “Rewrite” Basic Feature have to be enabled on the NetScaler, to use this policy.

if you use solution below then users are unable to change password if LDAP prompts for it.

If we want to disable the RSA field on first screen on Web Browser as well as on Receiver window ( Including Windows / MAC / IOS / Android ) Receiver , apply the below changes under the LDAP server profile as mentioned in the screenshot :

Uncheck the Authentication tab if its already checked, and then you will find your LDAP logon on logon page and RSA token is on another page separately.

User-added image


Leave a Reply