Jump to content
Welcome to our new Citrix community!

Not using Single sign On for RSA

Recommended Posts

I have a requirement to not use single sign on


the customer wants users to log onto The Netscaler gateway using username and RSA FOB then be presented with a logon to Citrix using AD credentials that will then allow single sign on to published desktops 


This is how there old 6.5 Farm worked and the user name in rsa is prefixed with 3 letters  ( for reporting reasons) but then the AD username does not have the 3 extra letters 


How can i achieve this ?

Link to comment
Share on other sites

You need to then share info about your vpn vserver authentication and session policy config and the storefront configuration details.  Depending on whether you use the unified gateway wizard or configured manually, there is sometimes a setting in the wizard that can also affect gateway to storefront handoff.


You would need radius bound to the vpn vserver, no session policy with web passthrough or sson domain specified (i guess).

The storefront store would have to be set up for storefront with gateway integration and the storefront authentication type as domain.  StoreFront authentication settings for the internal and/or external access may need to be verified as performing the authentication...meaning be sure storefront is handling authentication and not delegating to the xml brokers or otherwise setup for anonymous access (which shouldn't work via gateway anyway...but good to check all the options.)

During a test clear all cookies and then confirm if the authentication behavior is working as expected or not. There may be some additional settings that need to be tweaked.


You may also be having an issue in the testing due to authentication timeouts.  


Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...