Jump to content
Welcome to our new Citrix community!

how to configure login use smart card


Recommended Posts

I am use user and password connect to virtual desktop by netscaler gateway.

 

now, I want to use smart card to login.

 

First, I go to configure Authentication CERT Profile:

1.thumb.PNG.00f366ae5899be5d9be5df2d1a89e48f.PNG

 

Then, Create Authentication CERT Policy:

2.thumb.PNG.bf0ca22aa0aae80e35266c5d89e7e23b.PNG

 

Then, Add root ca to virtual server

3.thumb.PNG.93e28e2612e824d16d00cb2fbd8a4819.PNG

 

Then, add Basic Authentication --- select smart policy

4.thumb.PNG.d951ee4d0dbdce9c29a053491b320a22.PNG

After  these configurations are completed.

 

I cannot open the gatewate page.

5.thumb.PNG.49b692b1056e79e4696471c98ffd4a5f.PNG

 

Did I configure something wrong?

 

How should I configure smart card?

 

 

 

Link to comment
Share on other sites

Configuration on the Gateway looks fine. If you have smartcard connected to the device, browser is failing to detect the smart card.

Did you get the pin promt?

 

Find the resources below for configuring smartcard

https://support.citrix.com/article/CTX128418

https://docs.citrix.com/en-us/netscaler-gateway/12/authentication-authorization/configure-client-cert-authentication/ng-client-cert-smart-card-tsk.html

 

Thanks,

Vamsi

Link to comment
Share on other sites

1) your showing the binding of the root cert to the vpn vserver. Do you also have a server cert bound to the vpn vserver so it can handle ssl traffic?

2) You also need to update the vpn vserver to do client cert authentication either under SSL parameters or SSL profile turn client cert authentication ON and choose whether smart card is optional or mandatory.

 

3)  You also have the Two Factor:ON setting in your client cert policy.

You will also need the ldap policy afterwards to handle the password portion. If you don't need a password after processing the cert, you can leave two-factor:off.

 

 

Link to comment
Share on other sites

2 hours ago, Vamsi Krishna1709162168 said:

Configuration on the Gateway looks fine. If you have smartcard connected to the device, browser is failing to detect the smart card.

Did you get the pin promt?

 

Find the resources below for configuring smartcard

https://support.citrix.com/article/CTX128418

https://docs.citrix.com/en-us/netscaler-gateway/12/authentication-authorization/configure-client-cert-authentication/ng-client-cert-smart-card-tsk.html

 

Thanks,

Vamsi

 

Workspace also cannot use smart card and cannot get the pin promt.

Link to comment
Share on other sites

33 minutes ago, Rhonda Rowland1709152125 said:

1) your showing the binding of the root cert to the vpn vserver. Do you also have a server cert bound to the vpn vserver so it can handle ssl traffic?

2) You also need to update the vpn vserver to do client cert authentication either under SSL parameters or SSL profile turn client cert authentication ON and choose whether smart card is optional or mandatory.

 

3)  You also have the Two Factor:ON setting in your client cert policy.

You will also need the ldap policy afterwards to handle the password portion. If you don't need a password after processing the cert, you can leave two-factor:off.

 

 

 

1) I have a server certificate on the vpn virtual server.

1.thumb.PNG.4bc8c331fd9eba9ba53d8cfd44a33539.PNG

 

2) I have make check the client authentication and select OPTIONAL

2.thumb.PNG.5eae3dcedda6fcd3367e06e8db32bf88.PNG

 

 

Now, when use workspace show "Citrix workspace cannot find a valid smart card certificate."

but, I connect to sortfron, the smart card is OK.

 

3) I have try change Two Factor, ON or OFF are the same thing.

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...