when you update your netscaler to 11.1, you might notice, that the password saving option from browsers no longer works (most likely because of this issue: http://thehackernews.com/2017/01/browser-autofill-phishing.html). a customer requested to have this feature back – of course i advised against it, but it is a special use case on a seperate Netscaler Gateway instance.
anyway… i found out, that citrix does use dummy text fields (here is why: https://support.citrix.com/article/CTX202371)to trick the browsers autofill function and i simply developed some rewrite rules to delete them – additionally i do re-enable autofill on the textboxes. this solution could be optimized, but it works pretty good.
just adjust your_vpn_server and copy paste these rewrite rules to your netscaler:
enable ns feature REWRITE add rewrite action delete_dummy_user delete_all "http.RES.BODY(120000).SET_TEXT_MODE(ignorecase)" -pattern "username_dummy.appendTo(right_user);" add rewrite action delete_dummy_password delete_all "http.RES.BODY(120000).SET_TEXT_MODE(ignorecase)" -pattern "enter_passwd_dummy.appendTo(right_pass);" add rewrite action delete_dummy_password2 delete_all "http.RES.BODY(120000).SET_TEXT_MODE(ignorecase)" -pattern "enter_passwd2_dummy.appendTo(right_pass2);" add rewrite action replace_autocomplete replace_all "http.RES.BODY(120000).SET_TEXT_MODE(ignorecase)" "\"\'on\'\"" -pattern "\'off\'" add rewrite policy pol_delete_dummy_user "HTTP.REQ.URL.EQ(\"/vpn/js/gateway_login_form_view.js\")" delete_dummy_user add rewrite policy pol_delete_dummy_password "HTTP.REQ.URL.EQ(\"/vpn/js/gateway_login_form_view.js\")" delete_dummy_password add rewrite policy pol_delete_dummy_password2 "HTTP.REQ.URL.EQ(\"/vpn/js/gateway_login_form_view.js\")" delete_dummy_password2 add rewrite policy rewrite_autocomplete "HTTP.REQ.URL.EQ(\"/vpn/js/gateway_login_form_view.js\")" replace_autocomplete bind vpn vserver your_vpn_server -policy pol_delete_dummy_user -priority 100 -gotoPriorityExpression NEXT -type RESPONSE bind vpn vserver your_vpn_server -policy pol_delete_dummy_password -priority 110 -gotoPriorityExpression NEXT -type RESPONSE bind vpn vserver your_vpn_server -policy pol_delete_dummy_password2 -priority 120 -gotoPriorityExpression NEXT -type RESPONSE bind vpn vserver your_vpn_server -policy rewrite_autocomplete -priority 130 -gotoPriorityExpression NEXT -type RESPONSE