Jump to content
Welcome to our new Citrix community!

Gateway vServer Session Policies: SSO ON for Apps and Desktops, SSO OFF for RDP Proxy?


tylital520

Recommended Posts

First of all I have to say I am somewhat confused about which of the sub forums I should choose to ask Netscaler questions.

 

But here's my question:

 

I want to use RDP Proxy on our Receiver for Web URL, but I do not want to use SSO with RDP Proxy, because end user will connect to hosts that are not part of our AD-domain. How could I achieve this, when we have one Gateway vServer which already has policies for Apps and Desktops bind to it. Those policies have SSO enabled. If I create a new Session profile and policy for RDP Proxy with SSO disabled and bind it to the same vServer either my Apps and Desktops are not showing anymore, or RDP Proxy uses SSO depending on the priority I set to that RDP Proxy policy.

 

Is there some workaround for this?

 

 

Link to comment
Share on other sites

Hi,

 

- create a citrix gateway traffic profile setting Single Sign-on to OFF

- create a citrix gateway taffic policy bound to the created profile and set the following expression HTTP.REQ.URL.CONTAINS("192.168.10.10") (Example IP or FQDN for your RDP Host Destinations)

- Create a AAA User (set "external Authentication" so your AD user will be choosen) or Group (Name the AAA Group like your AD Group so your AD Group will be filtered)

- Bind the traffic policy to your AAA User or AAA Group

 

Your SSO to your Apps and Desktops will work and for your specific RDP Hosts SSO will be disabled.

 

Regards

Julian

Link to comment
Share on other sites

56 minutes ago, Julian Jakob said:

Hi,

 

- create a citrix gateway traffic profile setting Single Sign-on to OFF

- create a citrix gateway taffic policy bound to the created profile and set the following expression HTTP.REQ.URL.CONTAINS("192.168.10.10") (Example IP or FQDN for your RDP Host Destinations)

- Create a AAA User (set "external Authentication" so your AD user will be choosen) or Group (Name the AAA Group like your AD Group so your AD Group will be filtered)

- Bind the traffic policy to your AAA User or AAA Group 

 

Your SSO to your Apps and Desktops will work and for your specific RDP Hosts SSO will be disabled.

 

Regards

Julian

 

Hi Julian,

 

thanks for the answer! There was actually even simpler solution which was provided here (can't believe I missed that thread): https://discussions.citrix.com/topic/375614-rdp-proxy-disable-sso/

 

And here is the official Citrix article about the same topic: https://support.citrix.com/article/CTX208324and

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...