
Radius Server MFA Storefront Authentication



Are you asking the user to enter their Active Directory password somewhere? If not, then you'll need FAS if you want to eliminate the second logon.

If you are asking for the Active Directory password, then what order are you asking for the fields? Is RADIUS first and then LDAP is second? If so, then you'll have to configure NetScaler to specify which password should be sent to StoreFront. Let me know and I can get you the details.


1 minute ago, Carl Stalhood1709151912 said:

Are you asking the user to enter their Active Directory password somewhere? If not, then you'll need FAS if you want to eliminate the second logon.

If you are asking for the Active Directory password, then what order are you asking for the fields? Is RADIUS first and then LDAP is second? If so, then you'll have to configure NetScaler to specify which password should be sent to StoreFront. Let me know and I can get you the details.

Yes, the user will be entering the AD password.

I have configured LDAP and RADIUS authentication for the virtual server.

Currently I have RADIUS as primary and LDAP as secondary.


17 hours ago, Carl Stalhood1709151912 said:

In your Session Policy/Profile, on the Client Experience tab, in the Credential Index field, change it to Secondary.

My steps so far. I am only testing with authentication from NetScaler > StoreFront right now.

Things I have done:

1. Created an LDAP policy - Primary, Priority 100

2. Created a RADIUS policy - Secondary, Priority 100

I then bound those to my virtual server.

After that I created a session policy which I kept pretty simple.

I kept Credential Index at Primary since LDAP was first.

On the Published Applications I supplied the name of the Web Interface address and account services address.

We are on Citrix 7.15 LTSR and we do not use Java but launch the ICA from the Receiver.

I do have two places to enter my password now. Is this a requirement even though they are the same password for both authentications?

Everything seems to be working fine up to passing authentication to StoreFront. It makes it to StoreFront, however it doesn't log in.

I might be missing something simple.

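The Credential Index rule discussed in the replies above, written as a configuration check (an added example, not part of the original thread and not Citrix tooling): it reads `ns.conf`-style lines and reports whether the session profile's `-ssoCredential` points at the factor where the LDAP (Active Directory) policy is bound. The policy, profile and virtual server names and the sample configuration are constructed; the check assumes one session policy bound to the virtual server and that an unset `-ssoCredential` means PRIMARY.

```python
import re

# Constructed ns.conf excerpt (all names are hypothetical): RADIUS is bound as
# the primary factor and LDAP as secondary, but the session profile still
# forwards the primary password to StoreFront.
SAMPLE_CONF = """\
add authentication radiusPolicy pol_radius ns_true act_radius
add authentication ldapPolicy pol_ldap ns_true act_ldap
bind vpn vserver gw_vs -policy pol_radius -priority 100
bind vpn vserver gw_vs -policy pol_ldap -priority 100 -secondary
add vpn sessionAction prof_sf -ssoCredential PRIMARY -wihome "https://storefront.example.test/Citrix/StoreWeb"
add vpn sessionPolicy pol_sess ns_true prof_sf
bind vpn vserver gw_vs -policy pol_sess -priority 100
"""

def check_credential_index(conf, vserver):
    """Return (ldap_slot, sso_slot, ok) for one Gateway virtual server."""
    ldap_pols = set(re.findall(r"^add authentication ldapPolicy (\S+)", conf, re.M))
    sess_pols = dict(re.findall(r"^add vpn sessionPolicy (\S+) \S+ (\S+)", conf, re.M))
    # Assumption: a profile that does not set -ssoCredential uses PRIMARY.
    sso_by_action = {}
    for name, rest in re.findall(r"^add vpn sessionAction (\S+)(.*)$", conf, re.M):
        m = re.search(r"-ssoCredential (\S+)", rest)
        sso_by_action[name] = m.group(1).upper() if m else "PRIMARY"
    ldap_slot, sso_slot = None, "PRIMARY"
    bind_re = rf"^bind vpn vserver {re.escape(vserver)} -policy (\S+)(.*)$"
    for pol, rest in re.findall(bind_re, conf, re.M):
        if pol in ldap_pols:
            ldap_slot = "SECONDARY" if "-secondary" in rest.split() else "PRIMARY"
        elif pol in sess_pols:
            sso_slot = sso_by_action.get(sess_pols[pol], "PRIMARY")
    return ldap_slot, sso_slot, ldap_slot == sso_slot

if __name__ == "__main__":
    print(check_credential_index(SAMPLE_CONF, "gw_vs"))
```

A result whose last element is `False` means StoreFront is being sent the password from the non-LDAP factor, which is the mismatch the Credential Index setting corrects.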

  • 2 years later...

Hi Ed Schmidt\Carl,

I am facing the issue with the same setup.

1. Created an LDAP policy - Primary, Priority 100

2. Created a RADIUS policy - Secondary, Priority 100

I then bound those to my virtual server.

I have created the RADIUS server as per the Okta help center article: https://help.okta.com/en/prod/Content/Topics/integrations/citrix-netscaler-radius-configure-gateway.htm

But it's not successful and I am getting invalid credentials on the NetScaler page; also, in the RADIUS server logs I can find that

"Authentication failed for user xxxxxx, reason --- Access denied. Invalid creds?"

What am I missing in this configuration? Please help me.
