Jump to content
Welcome to our new Citrix community!

Publish website behind Citrix Gateway VIP


Recommended Posts

Hi,

 

I would like to accomplish the following on my ADC, create a gateway VIP with MFA authentication (already have this). 

After logging into the citrix gateway vip using my browser i would like to be redirect directly to a webserver on my internal network https://guacamole.internaet 

(running Apache Guacamole HTML5 RDP GATEWAY) i actually dont know how to do this.  Can you point me in the good direction do i need to create a session profile/intranet application/...
The other objective after i have figured out how to redirect immediatly to the webapp is be able to pass credentials to the webapp to accomplish SSO.
The application is using JSON POST to submit username/password credentials and returns a token when ok.
If any body can point me in the good direction or tell me if this is even possible.
I can provide more details on the JSON POST also.

 

 

 

 

Link to comment
Share on other sites

  • 2 weeks later...

Hi Carl,

First of all sorry for the slow response time from my end and thank you for taking up the time to answer questions on this forum.

I have tried the ICA proxy in the session policy and it seems to be working for HTTP only not for HTTPS.

My internal webserver is signed by my internal PKI and i have imported the root CA in SSL --> Certificates - CA certificates.

Include you can also find a fiddler from when i submit my login details to the form.

I do not think I can use the standard webform SSO since the webform is dynamically constricted via JavaScript.Guacamole-POST API TOKENS.pdf

 

 

Guacamole-POST API TOKENS.pdf

Edited by f.demuyter@llbg.com
ADD info
Link to comment
Share on other sites

  • 3 weeks later...
On 11/5/2019 at 8:52 AM, Frederik De Muyter said:

Hi Carl,

First of all sorry for the slow response time from my end and thank you for taking up the time to answer questions on this forum.

I have tried the ICA proxy in the session policy and it seems to be working for HTTP only not for HTTPS.

My internal webserver is signed by my internal PKI and i have imported the root CA in SSL --> Certificates - CA certificates.

Include you can also find a fiddler from when i submit my login details to the form.

I do not think I can use the standard webform SSO since the webform is dynamically constricted via JavaScript.Guacamole-POST API TOKENS.pdf

 

 

Guacamole-POST API TOKENS.pdf 101.18 kB · 1 download

 

On 10/25/2019 at 12:19 PM, Carl Stalhood1709151912 said:

For the redirect, in a Session Policy, on the Published Applications tab, enable ICA Proxy, and put the web server address in the Web Interface field.

 

For Forms-based SSO, you'll need to create a Gateway Traffic Policy.

Hi Carl,

I have added the web address on the session profile , client experience tab homepage.  And the URL is visiable over cvpn.  However I am still have not succeeded to get SSO working.

For logging into the application I can use the following https://server/#/?username=USERNAME&password=PASSWORD.   I created a traffic policy if the url start with:

 

url expression REQ.HTTP.URL == /

Form SSO profile action URL : /#/?

Usernamfiled = username

Password Field = password

Extraction static

Method POST

 

Is this the correct approach or should I use something else.

 

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...