Jump to content
Welcome to our new Citrix community!

Passthrough credentials from Windows to Netscaler for ShareFile on prem (xenmobile cloud as IDP)


Recommended Posts

We have a netscaler gateway on prem as well as our storages for Sharefile. Currently we have ShareFile use Xenmobile as the IDP for SSO - this results (whether you are using the windows app or web browser) in the user being presented with a Netscaler logon prompt window where they can input their regular Active Directory credentials. It also allows Secure Hub to directly pass credentials to the Citrix Files mobile app (iOS / Android) which currently works perfectly. The correct Sharefile GPO settings are enabled already for the Citrix Files windows app.

 

Does anybody know how we can get true SSO and pass their windows credentials directly into this Netscaler prompt? Is this even possible?

Link to comment
Share on other sites

21 hours ago, Siddhartha Sarmah said:

For your requirement, sharefile needs to point to NS AAA Vserver as the IDP.

 

Check this article for reference, it's for Google Apps but the same logic would apply for Sharefile as well.

 

https://www.citrix.com/blogs/2015/12/03/netscaler-saml-sso-for-google-apps-with-kerberos-ntlm-client-side-authentication/

 

 

 

Wouldn't that break SSO for the Sharefile mobile apps (iOS / Android) ? Or is there a way to use the netscaler as IDP while still having Secure Hub pass the credentials to Citrix Files?

Link to comment
Share on other sites

Well, not a 100% sure. Basically, we are not touching the Gateway part here at all. That being said, the change will have to be made at Sharefile to point to NS as IDP if you are to perform native windows authentication (NTLM / Negotiate) .. at least I am not aware of another way around it.   This may need some inputs from Xen-mobile expert as well on how to accomplish both things without breaking anything, try posting on XM side, I'll look around and if I find something that can help achieve this, will get back to you.

Link to comment
Share on other sites

14 hours ago, Siddhartha Sarmah said:

Well, not a 100% sure. Basically, we are not touching the Gateway part here at all. That being said, the change will have to be made at Sharefile to point to NS as IDP if you are to perform native windows authentication (NTLM / Negotiate) .. at least I am not aware of another way around it.   This may need some inputs from Xen-mobile expert as well on how to accomplish both things without breaking anything, try posting on XM side, I'll look around and if I find something that can help achieve this, will get back to you.

 

Yea I was afraid that  might be the case. Theres no documentation on using Sharefile on prem / Xenmobile Cloud / Xendesktop on prem together so it may just not be possible. Ill make a post on the XM side now.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...