Jump to content
Welcome to our new Citrix community!

Need to integrate SSO for NetScaler gateway page login

Recommended Posts



I am new in NetScaler. We have build gateway virtual server to access storefront publish desktop and application. In current flow NetScaler will provide login page and prompt for credentials which is further validated by LDAP server configure and attached with this same gateway virtual server. But now we want to enable SSO for this login so when ever domain user login though office system/domain join system it will directly reach to storefront page via gateway virtual server page. If it is not domain system it will provide login page and prompt for credentials. This can be achieve in storefront enabling "PassThrough Authentication" but is there any think link this can be done on NetScaler Gateway level.


Thank You.    

Link to comment
Share on other sites

  • 3 weeks later...



it's possible but quite more harder.

You have to create a AAA vserver on the netscaler (and also have at least an enterprise edition). on this AAA vserver you will be able to add a negotiate policy (for kerberos) and another in ldap (for the form base)


on the netscaler gateway, you will have to add an authentication profile that use your AAA.





Link to comment
Share on other sites

  • 8 months later...

Hi Mathieu and Carl,


we have a similar requirement: users access our Citrix Virtual Apps and Desktops with Receiver Self Service, and the connection goes always through NetScaler Gateway (forced with beacons). The Store has "Pass-through from Citrix Gateway" enabled. At the moment users are able to access the Store but even if Workspace App is installed with /includeSSON it will always ask for username and password.


If I download the admx/adml files and enable the GPO setting Carl instructs above SSO works, so the Receiver no longer asks the username and password but signs in automatically. I guess there's no command line switch to enable this when installing Workspace App? The problem is that we have no access to our end users PC's, and modifying Group Policies is not something I'd like to instruct our end users to do.


Mathieu, could you please share more instructions about how I could enable this with AAA vServer. We have NetScaler VPX Enterprise license.



Link to comment
Share on other sites

  • 1 year later...

I have now done the following steps:

  • Enable GPO setting
  • Add the URL to Local Intranet
  • Installed WSApp with SSON enabled

... still I'm presented with the authentication dialog.


Is the Kerberos configuration really required for this to work (Carl/Mathieu)? It's nightmareish to configure in a multi-supplier environment where the AD is managed by a third party.

Link to comment
Share on other sites

  • 1 year later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...