Jump to content
Welcome to our new Citrix community!

Workspace app saml authentication against ADFS with Azure MFA

Recommended Posts

Made a new nFactor SAML authentication policy to support form-based authentication through the latest workspace app.

The store URL is accepted but only getting a white screen in the workspace app, Isnt ADFS supported in this kind of scenario and only direct SAML connection with MFA against Azure directly?

Cannot seem to find any proper documentation regarding workspace app and this scenario.


I can see the screen flashing and when its suppose to redirect to the ADFS form-based authentication screen adfs/ls is just a white window in the workspace app.

Web browser based login is working like expected. 


See attached screenshot!


Br Anders


Link to comment
Share on other sites



The white screen issue look more like worksapce issue. What is version of worksapce are you using ?


Have you checked this "Citrix Workspace App SAML Auth to Citrix Gateway via Azure MFA"  here. This will help you to recheck your SAML and other configuration.






Link to comment
Share on other sites

Hi, yes Ive checked that one out when doing the nFactor.

Basically whats differ here, is that were doing SAML authentication against the ADFS environment, where its in this link above going directly against Azure.

I have tried on 2 computers now, same behavior with Workspaceapp

Ive might trying to install an older version, just to see if its the same behavior.



Link to comment
Share on other sites



Ive solved the issue, the main issue is that were having a separate ADFS WAP farm and not loadbalancing the proxy servers directly through the Netscaler.

Mainly this causes the WIA (Windows auth prompts) against ADFS. 


Get-AdfsProperties |Select -ExpandProperty WIASupportedUserAgents and removing "Trident/7.0" as option solves the issue and form-based auth is working.

Needless to say, we do need to scale the proxy server feature against ADFS in the Netscaler instead. Since the ADFS identifies the traffic as coming internal even though running from an external source. Most guides out there points to having the ADC setup as an Active Directory Federation proxy.


Thanks for helping out


Br Anders




  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...