
Citrix Workspace App IOS with NetScaler Gateway with native OTP



I use Unified Gateway and Native OTP and have this setup working with iOS devices. I also had some problems making this work. After some troubleshooting I noticed that on iOS devices the password and passcode fields are switched. If I entered the passcode in the password field and the password in the passcode field, I was logged on.

 

I created an advanced authentication policy for “receiver” on iOS devices to fix this. This works fine. 


Hi Loic,

 

I created an additional Advanced Authentication policy with the expression HTTP.REQ.HEADER("User-Agent").CONTAINS("iOS") && HTTP.REQ.HEADER("User-Agent").CONTAINS("CitrixReceiver"), Action Type: LDAP, Action: The LDAP OTP Verify server. 

 

I also created an additional Authentication PolicyLabel with the default LDAP server bound to it. 

 

Bound the advanced authentication policy to the AAA server and the policylabel as the next factor. The authentication policy should have a higher priority (lower number) than your default authentication policy.


  • 3 weeks later...

Hello,

 

As promised. This is what I did to get it working.

 

Authentication part.

  1. Create an additional advanced authentication policy with the expression: HTTP.REQ.HEADER("User-Agent").CONTAINS("iOS") && HTTP.REQ.HEADER("User-Agent").CONTAINS("CitrixReceiver"). The action is your NativeOTP verify server.
  2. Create an additional policy label with schema SCHEMA_INT. Bind your already existing LDAP policy to this policy label.
  3. Bind the authentication policy created in step 1 to your AAA server with a higher priority (lower number) than your existing policies. In GOTO Expression select END. In the "Select Next Factor" field select the policylabel created in step 2.

Session policy part

 

Create a Netscaler Gateway Session Profile with the following settings:

  • Client Experience tab: Plug-In Type - Java
  • Security tab: Default Authorization Action - Allow
  • Published Applications tab: ICA Proxy - ON and the additional settings on this tab to connect to your Citrix environment.

Create a Netscaler gateway session policy with the following expression: HTTP.REQ.HEADER("User-Agent").CONTAINS("CitrixWorkspace") || HTTP.REQ.HEADER("User-Agent").CONTAINS("CitrixReceiver"). In the profile field specify the profile created in the previous step.

 

Bind the session policy to your Gateway with a higher priority (lower number) than your existing policies.

 

Kind regards.

 

Michel
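
Added example (not part of Michel's post and not Citrix code): a small Python model of the two policy expressions quoted above, showing which clients get the swapped factor order and which get the session profile. The User-Agent strings are constructed for illustration, the factor labels are hypothetical names, and CONTAINS is modelled as a case-sensitive substring test.

```python
# Added example: evaluates the two policy expressions quoted in the post
# against User-Agent strings. All sample User-Agent values are constructed.

# Each expression is a list of OR-groups; every substring in a group must match.
IOS_AUTH_EXPR = [["iOS", "CitrixReceiver"]]               # A && B
SESSION_EXPR = [["CitrixWorkspace"], ["CitrixReceiver"]]  # A || B

def contains_expr(expr, user_agent):
    """Model CONTAINS as a case-sensitive substring test."""
    return any(all(s in user_agent for s in group) for group in expr)

def evaluate(user_agent):
    """Return (factor order, session profile applied?) for one client."""
    if contains_expr(IOS_AUTH_EXPR, user_agent):
        # Step 3: OTP verify first, then the policy label with LDAP, GOTO END.
        factors = ["NativeOTP verify", "LDAP via policy label"]
    else:
        # Falls through to the lower-priority policies already bound.
        factors = ["existing policies"]
    return factors, contains_expr(SESSION_EXPR, user_agent)

def mismatched_ios_clients(user_agents):
    """iOS clients that get the session profile but not the swapped factors."""
    out = []
    for ua in user_agents:
        factors, session = evaluate(ua)
        if "iOS" in ua and session and factors == ["existing policies"]:
            out.append(ua)
    return out

SAMPLES = [  # constructed, not captured from a real client
    "CitrixReceiver/1.0 iOS/16.0",
    "CitrixWorkspace/1.0 iOS/16.0",
    "CitrixReceiver/1.0 Windows/10.0",
    "citrixreceiver/1.0 ios/16.0",
    "Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X)",
]

if __name__ == "__main__":
    for ua in SAMPLES:
        print(ua, "->", evaluate(ua))
    print("check these:", mismatched_ios_clients(SAMPLES))
```

The authentication expression requires "CitrixReceiver" while the session expression also accepts "CitrixWorkspace", so a client whose User-Agent carries only the latter would receive the session profile but keep the default factor order. Compare the User-Agent values your gateway actually logs against both expressions before relying on them.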


  • 5 months later...

Hi Michael, You promised to post an extensive solution for this issue...

I'm struggling for a week to make this IOS working with advanced policies. I followed your indications, I can logon but it seems something is wrong as I get "no apps available at this time".

 

Thanks

Bogdan


1 hour ago, Bogdan Stanciu1709158798 said:

Hi Michael, You promised to post an extensive solution for this issue...

I'm struggling for a week to make this IOS working with advanced policies. I followed your indications, I can logon but it seems something is wrong as I get "no apps available at this time".

 

Thanks

Bogdan

 

Hello Bogdan,

 

The "best voted" answer in this topic is the solution I posted. The solution I posted was because of logon errors with Receiver/Workspace on iOS due to switched passcode, password fields on iOS. Are you sure this is the cause of your problem?


  • 3 months later...
  • 4 months later...

Has anyone got this working with the newest ADC build 13.0 build 52.24?

 

I tried the workaround with the rewrite policy but it's still not working https://support.citrix.com/article/CTX272402

When trying to auto enroll it only brings username/password and then the fields are wrong again (password in OTP field).

 

When setting the account manually in the workspace app, I can enter everything but still get the "No Apps available at this time".

 

Do I need to combine the rewrite action with the iOS policy somehow?

