Netscaler Gateway Micro VPN - SSO to internal application

Good morning all,


I currently have an issue regarding a per-app VPN with Netscaler Gateway 12.x: using Microsoft Intune as the MDM / MAM solution, I'm able to connect on demand with a managed browser, using certificate authentication.

When I log on to an internal website (for example a SharePoint intranet), I'm prompted for credentials the first time, without the ability to log in to the application automatically.

If I perform the same operation with XenMobile (a parallel existing installation), on a different gateway (username + password auth), SSO works with internal apps.


Any suggestions?


Thank you very much for your support.


SSO should be enabled in the session profile on the Gateway for this to work.

(Session profiles >> Client Experience >>  Single Sign-on to Web Applications [should be checked])


That being said, if the internal site is HTTPS, SSO won't work even if that setting is set to true when you are connecting with the VPN Plugin APP (Full VPN).

With XM also, SSO will work with internal HTTPS sites only if you are using the Secure Browse mode of tunneling; it won't work with Full Tunnel mode.


In short: in tunnel mode (SSO APP / XM Full Tunnel mode) the Gateway does not proxy the Layer 7 connection, so the client and server perform the SSL handshake directly and the HTTP is encrypted; thus the gateway cannot see the 401 auth challenge from the back end. So SSO is limited to HTTP only, where the gateway can see the traffic in clear text.


Here is an article describing the differences between XM Full Tunnel mode and Secure Browse mode (SSO APP works more like the XM Full tunnel mode)


