Citrix Access Gateway Setup for Citrix Receiver for the iPhone 1.0
1. Install and configure the Access Gateway to allow connections using the Access Gateway Plug-in and configure authentication realms using either RSA or LDAP (only these two forms are supported). Verify all the network interfaces, certificates and authentication methods are working correctly.
Note: If double source authentication is required (such as RSA SecureID and LDAP), RSA SecurID authentication must be the primary authentication type. RSA SecureID can use either RADIUS or an sdconf.rec file to enable token authentication. LDAP authentication must be the secondary authentication type.
Configuring a RADIUS authentication realm
2.Create a Web Interface site for Citrix Receiver for iPhone to use. Citrix recommends using the Citrix default path for this site (http://ServerName/Citrix/PNAgent) so iPhone users do not have to put in the full path of the config.xml, they can specify the Access Gateway FQDN in the address field of the phone. If a custom path is chosen, all iPhone users need to specify the full path to config.xml, such as http://ServerName/CustomPath/config.xml .
3. Configure the Web Interface site to support the Access Gateway connection. Use the XenApp 5.0 Access Management Console to configure connections to a server farm:
– a. In the Web Interface site, select Manage secure client access - > Edit secure client access settings.
– b. Change the Access Method to Gateway Direct.
– c. Enter the FQDN of the Access Gateway appliance.
– d. Enter the Secure Ticket Authority (STA) information.
Note: The configuration of this site is similar to the Web Interface site. For more information, see the Citrix Access Gateway Standard Edition Integration Guide for Citrix XenApp and Citrix XenDesktop. and the support document PNA_with_CSG_en(3).
4.Configure the Access Gateway to accept connections to XenApp and published applications. In the Access Gateway Administration Tool, configure the following settings:
– a. On the Access Policy Manager tab, -right-click on a user group, select Properties, and enter the Web Interface information.
- The check box Single sign-on to the Web Interface is for the Web Interface and does not affect connections using Citrix Receiver for iPhone. If the Access Gateway is configured to use the Web Interface, this can still be maintained and used as it was previously.
- To enable connections through the Web Interface (needed for the iPhone Citrix Receiver) on an Access Gateway which is only configured to accept connections using the Access Gateway Plug-in, select Use the multiple logon option page
- You can use any Web Interface server that is configured; however it is easier to maintain the site used for the Citrix receiver for iPhone on the same server.
- b. In the Access Gateway Administration Tool, on the Authentication tab, click the Secure Ticket Authority tab and add the STA details.
Note: Make sure the STA information is the same as the Web Interface site.
– c. On the Global Cluster Policies tab, select Enable logon page authentication. You do not have to check this box if the Access Gateway is configured to accept connections to XenApp and use only the Web Interface for authentication.
5. If the server certificate used on the Access Gateway is part of a certificate chain (with an intermediate certificate), make sure that the intermediate certificates are also installed correctly on the Access Gateway. For more information, see How to Upload an Intermediate Certificate on Citrix Access Gateway 4.5.x.