
Moving .NET authentication to Netscaler VPX



Currently I have an SSL Bridge LB setup which forwards TCP connections to one of three .NET servers. The sticky algorithm is SRC IP. Users log in with their AD account to the .NET application and off they go using their industry vertical app.

If I used another method of load balancing would it be possible to move the authentication to the LB which then somehow informs the destination service/server that the user has already authenticated with their AD credentials? Could you point me to any document on this? Thank you.


If you moved to SSL (instead of SSL_BRIDGE) you could add AAA for Application Traffic (aka an authentication vserver) to the lb config and have the ADC handle authentication prior to load balancing the traffic. In order for the credentials on the gateway to be passed to the app behind the scenes you would either rely on the passthrough web credentials via tm session action sson or a traffic policy with support for form sson or saml sson. AAA session profiles have fewer settings than gateway/vpn vservers.

 

Otherwise, you could make the lb vserver accessible via the vpn vserver (gateway in vpn mode) and then make the lb vserver accessible behind the vpn client. Then configure authentication via the gateway.  VPN would give support for web and non-web applications and keep their vip on the private side of the network behind the vpn vserver.

 

Some Info:

https://docs.citrix.com/en-us/citrix-adc/13/aaa-tm/authentication-virtual-server.html

 

 

 

  • Like 3
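
A sketch of the first option described in the answer above (SSL load balancing with an authentication vserver and a tm session action for SSO), added here as an example; it is not part of the original posts or taken from Citrix documentation. Every object name, IP address, the FQDN, the LDAP details and the certKey name are constructed placeholders, and the certKey is assumed to be installed already.

```netscaler
# Added example. All names, addresses and the FQDN are constructed placeholders.

# Back-end .NET servers: service type SSL, so the ADC terminates the client
# TLS session and re-encrypts to the servers (SSL_BRIDGE cannot inspect traffic).
add service svc_dotnet1 10.0.10.11 SSL 443
add service svc_dotnet2 10.0.10.12 SSL 443
add service svc_dotnet3 10.0.10.13 SSL 443

# Active Directory over LDAPS. Use a low-privilege bind account.
add authentication ldapAction act_ad -serverIP 10.0.10.5 -serverPort 636 -secType SSL -ldapBase "dc=example,dc=local" -ldapBindDn svc_adc@example.local -ldapBindDnPassword BIND_PASSWORD_PLACEHOLDER -ldapLoginName sAMAccountName
add authentication Policy pol_ad -rule true -action act_ad

# Authentication vserver (AAA for Application Traffic).
add authentication vserver vs_auth SSL 10.0.20.50 443
bind ssl vserver vs_auth -certkeyName ck_placeholder
bind authentication vserver vs_auth -policy pol_ad -priority 100

# Session action that replays the user's web credentials to the back end.
# ALLOW lets every authenticated user through; restrict with authorization
# policies if only some AD groups should reach the application.
# On builds that only accept classic expressions the rule is ns_true.
add tm sessionAction act_sso -SSO ON -defaultAuthorizationAction ALLOW
add tm sessionPolicy pol_sso true act_sso
bind authentication vserver vs_auth -policy pol_sso -priority 100

# Load-balancing vserver, keeping source-IP persistence from the old setup.
add lb vserver vs_app SSL 10.0.20.60 443 -persistenceType SOURCEIP
bind ssl vserver vs_app -certkeyName ck_placeholder
bind lb vserver vs_app svc_dotnet1
bind lb vserver vs_app svc_dotnet2
bind lb vserver vs_app svc_dotnet3

# Require authentication before load balancing; auth.example.com must
# resolve to vs_auth (10.0.20.50 here).
set lb vserver vs_app -Authentication ON -AuthenticationHost auth.example.com
```

The session action covers credential passthrough only; form or SAML SSO to the application would be configured through a traffic policy instead, which is not shown here.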