Jump to content
Welcome to our new Citrix community!

Citrix SSPR password reset with netscaler


tbeiser41

Recommended Posts

Hi Group,

 

Users come in through the Internet to access applications.  Is it possible to allow them to manage their passwords if we use Netscaler as a gateway?

 

Netscaler version is 12.1 (50.28)

Citrix Virtual apps 7.9

 

I found some docs for configuring SSPR on the store, but nothing for netscaler.  We use Active Directory for authentication.

 

Thanks for any leads and links.

Link to comment
Share on other sites

On ‎1‎/‎2‎/‎2019 at 8:31 AM, Carl Stalhood1709151912 said:

Yes, added in 12.1.50. Completely unrelated to the other SSPR product.

Thanks, Carl! Happy New Year!

 

Am I correct that this ADC SSPR differ from the existing SSPR 1.1.x https://docs.citrix.com/en-us/self-service-password-reset/current-release.html? If yes, what are the differences between both SSPR? SSPR 1.1.x documentation states it doesn't work with Netscaler (ADC). Is this new ADC SSPR intended to address that? 

 

We plan to deploy SSPR for users accessing published apps via ADC and StoreFront and would like to understand better for planning. Do we need ADC SSPR or can deploy SSPR 1.1.x?

 

Thanks,

Sunny

Link to comment
Share on other sites

  • 2 weeks later...

Hi Carl,

 

Do you happen to have any of your own documentation or tutorials on implementing this feature? The Citrix guide does not seem to be the most informative in some areas! I've been trying to get my head around some of their examples where we need to customise it to cope with two ldap lookups (we allow logons via two ldap queries where users are in two different domains).

 

With Best Regards,


Dan

 

Link to comment
Share on other sites

On ‎1‎/‎4‎/‎2019 at 9:56 AM, Carl Stalhood1709151912 said:

If users authenticate with StoreFront, then you want the StoreFront SSPR product, which doesn't work on Gateway.. If users authenticate with Citrix Gateway, then you want the Gateway version, which doesn't work on StoreFront. If you use both, then you need both products.

Thank you again, Carl

Sunny

Link to comment
Share on other sites

  • 4 months later...

We tried to, but it has a fatal security flaw.

 

The password reset option (where you're asked for your security questions) gives you an unlimited number of attempts, meaning accounts can very, very easily be brute forced (as many answers to the security questions are basic dictionary answers).

 

We've raised this with Citrix but there doesn't seem to be any interest in them resolving it.

 

Unfortunately, this means it's not compliant with many of the basic security standards, including but not limited to ISO27001, PCI and CyberEssentials.

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...