Jump to content
Welcome to our new Citrix community!


Recommended Posts



I have configured our ADC running 12.1-57.18 to use ADFS 4.0 with Azure MFA configured based on the following article - https://docs.citrix.com/en-us/advanced-concepts/implementation-guides/citrix-gateway-microsoft-azure.html to gain access to XenDesktop.


Upon testing externally I am finding that I have to enter username + password twice - once at the UG gateway server and then again when at the IdP page.  After further investigation it looks like I shouldn't have configured an ADFS proxy as detailed in the above url because we already have existing ADFS WAP's in place and I believe that we are hitting the external ADFS WAP's rather than the ADFS Proxy on ADC (not 100% sure on this but I think so).  I think this is confirmed by disabling the vServer for internal ADFS servers and not seeing any change of behaviour.  ADFS is handled by another team so please excuse lack of knowledge on such things.


When accessing the gateway internally only one username + password prompt is seen at the gateway after which an Azure MFA page on our IdP is displayed prompting for token code.  I assume this is working internally due to pass through authentication.


I would like to use the existing ADFS WAP's and from what I can make out I need to configure the ADC as a SAML SP.  Does anyone now if SSO is possible in this scenario?  We don't have FAS but from what I have read this is not required for access to XenDesktop.







Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...