Easy NetScaler Gateway 11 Portal Customization 28


This week Citrix released the new NetScaler 11 firmware. This firmware contains a lot of new features and improvements. One of these new features is “Portal Customization”.

We all run into this in the passed, how do I change the boring DEFAULT blue/black or with NetScaler 10.x the GreenBubble theme? How do I change the Password 2 label to Tokencode? Of course you were able to make changes via a cumbersome way by changing files in the /netscaler/ns_gui/vpn  folder. You then had to create a copy script because this folder reside on the RAM disk.

Later You were able to create a custom theme by putting theme files in a .tar file. This was still a pain in the * because you had to manually had to edit HTML and JavaScript files.

NetScaler 11 will solve these problems by offering Portal Customization per virtual server. This blogpost shows how to customize a portal with NetScaler 11 including the Receiver X1 theme!

Virtual Server

First of all we create a default NetScaler Gateway Virtual Server, bind authentication policies, bind session policies, bind the SSL server certificate and disable SSLv3 ;-).

NetScaler Gateway Virtual Server

After we created this virtual server it will be available with the DEFAULT well know theme. Even this default theme, however, got restyled in NetScaler 11.

NetScaler Gateway default theme

Portal Themes

Within the NetScaler Gateway context there is a new section available named “Portal Themes”. This is were the DEFAULT and GreenBubble theme are located.

default portal themes

Update: Receiver X1 theme

Since NetScaler 11 build 62.10 there is another theme available. The Receiver X1 theme. No need anymore for adding this theme manually to your NetScaler config:

Receiver X1 Theme

New Portal Theme

To create a new portal theme we click Add, give the new theme a name and select the template theme, either DEFAULT or GreenBubble. When you click OK the new portal theme will be created with the settings from the template theme.


Here is where you can customize the portal. Add your own background, watermark, font size, font color etc.

New Portal Theme

Login Page Customization

Now lets change the login page with some custom images.

antonvanpelt.com theme

Now that we have created our new Portal Theme we have to bind it to our Virtual Server. In case you search for the OK or Bind button, Preview means bind 🙂Bind Portal Theme

Lets have a look to the result. Keep in mind this is just a quick blog, I didn’t have the time to rent a webdesigner so I decided to put in some community stuff 😉

Custom Portal Theme

Login Text Customization

Now I also want to rename the logon fields like Password2 etc. This is also possible via the Portal Theme Customization:

Text Customization

At the moment it looks like there is a bug in this part of the customization because the labels won’t change on the virtual server itself. I reported this bug already to the NetScaler 11 team, so there will be a solution soon. Update: If you edit the portal theme via Google Chrome or Mozilla Firefox changes will work! Citrix confirms there is a bug when you edit the theme via Internet Explorer. This should be fixed in a next release after 11.0-62.10.

Other Customizations

Right now we only customized the logon page. As soon as we are using Smart Access there are several other pages shown to a user after they logged on. Via the Portal Customization we can easily change those pages too!

Advanced Customization

Advanced Portal Customization


In this blogpost I shown you how we can easily change the look and feel of the NetScaler Gateway 11 virtual server. No need to edit HTML and JavaScript files on the NetScaler filesystem anymore!

28 thoughts on “Easy NetScaler Gateway 11 Portal Customization

  1. Reply Peter Swaneveld Sep 22,2015 7:15 pm

    In the previous version it was possible to edit de login.js and disable the third login field (token password) and show it on a second page. I think this isn’t possible anymore 🙁

    • Reply Anton van Pelt Sep 22,2015 10:09 pm

      Why would you want to do this? Only usecase I see is the challenge-response system as being used with SMS tokens. This works out of the box without customizing the login.js javascript file.


    • Reply Holly Boyer Oct 9,2015 5:32 pm

      I spoke to a super citrix support rep this morning and he found a way to remove the third field, Password 2, off of the login page!

      I logged into the netscaler via winscp, browsed to these two files:

      And made one change, which was to comment out the line form.append(field_pass2)

      So the new code would look like this:

      if (pwc ==2)

      That’s it!

      • Reply Anton van Pelt Oct 9,2015 9:52 pm

        Thanks for sharing!


      • Reply Patrick Jan 21,2016 1:28 pm

        Holly, do you know if it is possible to change this with a Rewrite policy? There were 3 rewrite policies which were used before NS 11 to rename the password fields. Any idea how to make these changes to the js file with a rewrite policy?

  2. Reply Holly Boyer Oct 2,2015 3:03 am

    I am also looking for a way to edit login.js as well to remove the third login field (token password), because it is not a required field. There is a second screen that comes up that requires the token so we do not need it on the third. :/

  3. Reply GeirS Oct 15,2015 2:13 pm

    Hi. The editing bug for username and password labels in Internet Explorer is indeed fixed in build 63.16.

  4. Reply Stephan Lang Oct 22,2015 5:32 pm



    just simply not survives reboots of the netscaler!

    • Reply Howard Weise Oct 28,2015 4:41 pm

      Stephan, on reboot, the NetScaler tars everything over the custom code. To make the changes persist, you need a startup script to copy your custom code over the default code. This link talks about customizing older NetScalers, but the second half entitled “Confirming the Changes Made” walks you through one way to make your changes persist. It should still be relevant for NS 11.

  5. Reply Brian Foster Oct 23,2015 6:13 pm

    Hi, i´m having troubles creating a Portal Theme, after selecting the “Template Theme” , I get an error; “The theme so accesed is corrupted.Please delete this theme and create another one”.

  6. Reply Jochen Hoffmann Feb 10,2016 3:51 pm

    Any idea how to export the new customized theme in order to use it w/ further implementations?


  7. Reply Mike Gould Feb 18,2016 6:06 pm

    I like the enhancement. For a custom theme, they should include the ability to change the Favicon as well, IMO. Did I miss something?

    Thanks for the article!

  8. Reply Brian Bagley Mar 7,2016 3:54 pm

    We’ve just updated from 10.5 to 11.0-64.34, and are having a lot of issues with the themes.
    We were using the default theme, and had made some minor modifications to the index.html file to add in an announcement frame.
    After update, this did not display correctly. Regardless of whatever theme I select, it looks like it is using the Horizon theme.

  9. Reply Francis Paul Czekalski Apr 8,2016 7:47 pm

    Is there any way to change the default font?

  10. Reply Phil Apr 20,2016 2:52 pm

    You can change the default font in the look and feel page in the Portal theme

  11. Reply Jon May 13,2016 1:44 am

    Any way to disable the File Share option for CVPN or Unified Gateway? The old methods in http://support.citrix.com/article/CTX120643 no longer apply to 11.x

    • Reply Jon May 13,2016 5:32 pm

      Oops… I guess I’m so conditioned to having to customize AG/NG the old way, that I did not look through the GUI. It’s right there under Portal Theme > Custom Theme Name > Look and Feel.

  12. Reply André Prins May 17,2016 9:18 pm

    I have a question. I’m setting up a netscaler with the X1 theme and don’t want to show the logo next to the login screen. No problem there, but somehow the theme is still blocking that part for scaling. When I have the login screen in the middle of the screen and I use a smaller screen, like a laptop, the login screen moves to the right, because somehow the left side of that part has a table or something that doesn’t move/scale. It’s hard to explain. I’m unable to find a solution for this. I already tried to change the css code, but no luck so far.

    I hope anyone can help me.



  13. Reply Thomas Langner May 31,2016 8:57 pm

    Can I label the logon page based on the browser language?

    Or setting a default language and if it doesn´t match choosing english?


  14. Reply Balaji Jul 18,2016 6:45 pm

    How do I make the background image resizable? Currently I have same background image on both VPN logon page (X1 theme) & storefront. The storefront background image adjusts itself depending upon the monitor screen size but with VPN background image, it doesn’t resize on small monitors & hence full background image wasn’t seen.

  15. Reply Edgar Fando Jul 25,2016 11:18 am

    Hi guys,

    Here our experience migrating from Netscaler appliance 10.5 (with manual portal customization enabled) to 11.1

    After migrating, login portal show black page. Index.html was not loading. Migration was unsuccessful and we had to downgrade.

    After opening a case with citrix, they said we need to erase all customization content from file rc.netscaler. Manual customization is not supported in 11.1, so there is an incompatibility with old 10.5 customized.

    So prior to upgrade to 11 from 10.5 customized:
    – set vpn parameter -UITHEME DEFAULT
    – erase all lines with “cp ….” on rc.netscaler
    – reboot
    – Upgrade

    Hope this is useful for someone, we had a lot of trouble until citrix told us “the trick” and we could not find any KB talking about it.


  16. Reply Yves Hofmann Oct 27,2016 9:05 am


    There is even a easyer way to hidde the second Passcode Filed!

    1) Create a rewrite Action
    Header Name: Set-Cookie
    Expression: (“pwcount=”+ 1”)

    2)Create a rewrite Policy
    Action: Select the rewrite action which you created
    Undefined Result Action: -Global undefined result action
    Expression: HTTP.REQ.HEADER(“Cookie”).CONTAINS(“pwcount”).NOT

    Bind this policy to the Netscaler Gateway Virtual Server where 2 Factor is configured.

  17. Reply Yves Hofmann Oct 27,2016 12:38 pm


    There is even a easyer way to hidde the second passcode filed:

    1) Create a rewrite Action
    Header Name: Set-Cookie
    Expression: (“pwcount=”+ 1”)

    2)Create a rewrite Policy
    Action: Select the rewrite action which you created
    Undefined Result Action: -Global undefined result action
    Expression: HTTP.REQ.HEADER(“Cookie”).CONTAINS(“pwcount”).NOT

    Works like a charme, also in 11.1


  18. Reply Juan Perez Feb 28,2017 12:31 am

    Looking for some guidance with NS 11.1 and customizing the AAA page to where I can add wording at the bottom of the page. I found how to add the EULA but we also want information for assistance on the main landing page. Which can be done on the gateway landing page with a rewrite policy that works great. However there is no option to bind that to an AAA vserver. Working on a developer edition NS, so I still need to update our production from 11.0 to 11.1 to get current and use the portal themes.

    Any feedback is greatly appreciated.

Leave a Reply




This site uses Akismet to reduce spam. Learn how your comment data is processed.