Brian Korrow
Posted January 23, 2019

Setup: I have a Unified Gateway that has two basic authentication policies: LDAP + RADIUS for two-factor. I also have an AAA that has only the LDAP policy. I have two authentication profiles for the gateway and AAA, with authentication levels of 2 and 1 respectively.

Issue: On a traffic-managed LB for an internal application I have the authentication set to the Unified Gateway's authentication profile for multi-factor authentication. SSO between the full Unified Gateway Cvpn and this LB works perfectly. However, this application has embedded links that point to LB VIPs that are attached to the AAA authentication profile. I would think because you authenticated to the higher-level Unified Gateway you should SSO to the lower-level application without being prompted for AAA auth; however, that is not the case. I have to reauthenticate to the AAA for any embedded links.

I tried setting the authentication levels to equal, setting the authentication domain to the same domain, and putting the Unified Gateway behind an AAA for authentication. Nothing seems to work. I know I am overlooking something. Anybody encounter this before?

Rasmus Kindberg
Posted January 28, 2019

I don't think you can share SSO between Authentication vServers and VPN vServers (AAA to AAA and VPN to VPN, however, are fine). A workaround for you would be to recreate the Authentication vServer as a VPN vServer instead (I can't think of any technical drawbacks to it) and ensure the "Authentication domain" in both authnprofiles you use is the same.

You can try the above by temporarily creating a new VPN vServer and seeing if it shares SSO with your Unified Gateway VPN vServer.

Brian Korrow (Author)
Posted May 17, 2019

Looks like there is a bug in Citrix Gateway 12.1.51x. Will post back the fixed version.

Archived
This topic is now archived and is closed to further replies.