NetScaler VPX with multiple Azure MFA tenants and 1 on-prem AD


license partou

Hello all,

 

I'd like to know if it's possible to configure a way to let the users choose where they logon.

At this moment we've got multiple Azure tenants and 1 on-prem AD.

 

We can configure 2 NPS servers for tenant A and 2 NPS servers for tenant B. See the screenshot.

But I'd like to know if we can make a difference between the RADIUS servers which need to be used at the logon page or URL.

 

Thanks in advance!

 

David

 

 

Multiple O365 tenant - NPS - Citrix NetScaler.png

  • 2 years later...

Sorry for my delayed answer, the project was already killed before I could work on it.

But the question gets relevant again, for another customer.

 

I followed the article you shared and I configured it as suggested within the article. But I had to change the "Authentication RADIUS Policy" instead of the "Authentication LDAP Policy".

The dropdown menu is in place, so that is great. But when the user selects one of the domains, it seems that the RADIUS server with the lowest binding priority is being chosen, instead of the one mentioned in the rewrite policy.

 

At the website below I found some discussion about the "cookie" setting, but then only with LDAP: https://www.carlstalhood.com/citrix-gateway-ldap-authentication/

The website with RADIUS won't mention it: https://www.carlstalhood.com/citrix-gateway-radius-authentication/

 

Do you know if there is a limitation with RADIUS?

After changing the "Expression" within the "Authentication RADIUS Policy" to: "REQ.HTTP.HEADER Cookie CONTAINS domainvalue=Domain" it worked again!

 

"Just in case you don’t find the solution.
Use “developer tools” from your browser and check what you have as cookie. On our side we discover that we have to change filtering by: REQ.HTTP.HEADER Cookie CONTAINS domainvalue=yourDomain.

Then all work again."

https://www.carlstalhood.com/citrix-gateway-ldap-authentication/#comment-15215

 

Thanks a lot for your time!

  • Like 1
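
The working setup described in this thread, sketched as NetScaler CLI: one classic RADIUS policy per tenant, each matching the `domainvalue` cookie with the expression quoted above. This is an added example, not configuration from the posts or the linked articles; the policy, action and vserver names, the 192.0.2.x addresses, the `TenantA`/`TenantB` labels and the shared-secret placeholders are all assumptions.

```text
# Constructed example: names, addresses and secrets are placeholders.

# One RADIUS action per tenant, each pointing at that tenant's NPS server.
add authentication radiusAction act_RADIUS_TenantA -serverIP 192.0.2.10 -serverPort 1812 -radKey <shared-secret-A>
add authentication radiusAction act_RADIUS_TenantB -serverIP 192.0.2.20 -serverPort 1812 -radKey <shared-secret-B>

# One policy per tenant. The rule matches the cookie set by the logon-page
# dropdown, using the expression form that worked in this thread.
add authentication radiusPolicy pol_RADIUS_TenantA "REQ.HTTP.HEADER Cookie CONTAINS domainvalue=TenantA" act_RADIUS_TenantA
add authentication radiusPolicy pol_RADIUS_TenantB "REQ.HTTP.HEADER Cookie CONTAINS domainvalue=TenantB" act_RADIUS_TenantB

# Bind both policies to the Gateway vserver. Policies are evaluated in
# priority order, so each rule must match only its own tenant's cookie value.
bind vpn vserver <gateway-vserver> -policy pol_RADIUS_TenantA -priority 100
bind vpn vserver <gateway-vserver> -policy pol_RADIUS_TenantB -priority 110
```

`CONTAINS` is a substring match, so pick dropdown values where no value is a prefix of another (for example not `Corp` and `Corp2`), otherwise the policy with the lower priority number also matches the longer value. The cookie is set in the browser, so it only selects which RADIUS server is asked; the selected server still has to authenticate the user.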