Jump to content
Welcome to our new Citrix community!
  • 0

Browser Content Redirection with Proxy Authentication


Lukas Meyer1709160800

Question

Hi

Browser content redirection is working well in our environment with Google Chrome if we route the traffic direct from vda to internet. We are using server fetch/client rendering mode.

As soon as we use our proxy server which is using kerberos authentication with active directory groups, it is not working.

Does anybody knows if it is possible to use a proxy server with authentication on browser content redirection and if yes, how to configure that?

 

Thanks for clarification.

Cheers

Lukas

Link to comment

3 answers to this question

Recommended Posts

  • 0

Hi Lukas

 

old thread but i came across this requirement today.

If you change the account under which the "Citrix HDX Browser Redirection Service" is running (from NT AUTHORITY\SYSTEM to a domain user account which has permissions to access the internet sites) then it works for me. Unfortunately this is not ideal. What would be better would be some way of this service to masquerade as a domain use when connecting to the proxy server. I haven't come across anything that will allow this but only just started looking.

 

Regards

 

Ken Z

Link to comment
  • 0

Hi Lukas

 

old thread but i came across this requirement today.

If you change the account under which the "Citrix HDX Browser Redirection Service" is running (from NT AUTHORITY\SYSTEM to a domain user account which has permissions to access the internet sites) then it works for me. Unfortunately this is not ideal. What would be better would be some way of this service to masquerade as a domain use when connecting to the proxy server. I haven't come across anything that will allow this but only just started looking.

 

Regards

 

Ken Z

Link to comment
  • 0

Question to the floor

 

reading the docs on this, it appears that the newer versions of CVAD now support this configuration and a popup dialog box appears if the firewall requires authentication via server fetch client render. see https://support.citrix.com/article/CTX230052 

 

"Proxies that require explicit authentication are supported with CWA for Windows 1907 or higher."

 

although the following article https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/policies/reference/ica-policy-settings/browser-content-redirection-policy-settings.html says

 

"Then configure the downstream web proxy to authenticate the VDA users through the Negotiate authentication scheme."

 

Not being a firewall guy, not sure what this means. Anyone done this with a Smoothwall firewall/web filtering device?

 

Regards

 

Ken Z

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...