Jump to content
Welcome to our new Citrix community!

SSO Through a Netscaler Gateway


Patrik Holmberg

Recommended Posts

Patrik

 

When you ask for SSO it's from external Network and/or Internal through NetScaler ?

If external, does the device member of the Active Directory domain?

For the SSO you want it to be for Citrix Receiver only (with adding a config file)?

 

You should also have a look here:

 

https://support.citrix.com/article/CTX133982

 

https://support.citrix.com/article/CTX139963

Link to comment
Share on other sites

Hi Patrik,

 

Netscaler does support SSO to storefront from external network.

 

What is the error message you are getting while coming from Netscaler gateway?

 

You can check following settings:

 

1) In session profile on Netscaler, you have to mention the correct domain. (Under Published application tab of session profile).

2) Single Sign-on to Web Applications is checked. (option will be under Client Experience tab of Session profile)

3) Domain specified in SSO domain on Netscaler has to be same as of Storefront Domain or the domain added under trusted domain on Storefront.

4) Storefront server should trust the certificate of Netscaler gateway, if not add root and intermediate cert associated with the server cert of Netscaler gateway, in MMC on Storefront server.

Link to comment
Share on other sites

By SSON, I assume you mean Pass-through Auth. Pass-through Auth is not supported through NetScaler Gateway. If you need this feature, please open a support case and submit an enhancement request. The more that request it, the more likely it will get implemented.

 

However, Pass-through Auth through Gateway could be considered a security risk, especially if you're connecting to 3rd party Gateways.

  • Like 1
Link to comment
Share on other sites

  • 9 months later...

Hello

 

I get the point about security risk for Internet, only for a bit, because for a while now sites have been split into zones that control the trust level.

 

But what if I have internal NetScalers and I want session policies so I can apply Access Gateway filters? Having people re-logon internally is so 90s.

 

Cheers

 

Link to comment
Share on other sites

  • 1 year later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...