Jump to content
Welcome to our new Citrix community!

NetScaler with authentication at Storefront


Koichi Namura

Recommended Posts

Hi

I'm trying to configure  a NetScaler with Double autntication.

  • 1st authentication : SAML on inwebo
  • 2nd authentication LDAP but AT the storefront server and not on the NetScaler.

 

On the NetScaler , I've done all the configuration using the XenAnn and XenDesktop wizrd. I've specified that the authenticatiion will be done At Storefront.

However, I'm unable to export the GatewayConfiguration.zip for the related virtual server to import it on the storefront. I'm unable to select the Vserver.

image.thumb.png.c099ad0e3563ea1bef3a52b6a97bd820.png

image.thumb.png.33607fd064a4e9a36348470ab6a625c2.png

 

 

So, I've configured the Storefront without importing that file. 

In the Store "remote Access Settings" i'll have configured the NetScaler Gateway " correctly ((FQDN, the correct URL, the correct STA servers"....

All certiifcate are correctly installed on both Netscaler and STF.  From  the STF server, using the browser I can connect to the Netscaler VIP. and the Certificats Chain is valid. 

On the StoreAuthentication Methode, i've disabled Pass-through from NetScaler Gateway and keeped only User name and Password.

When I connect to the VIP, I'm redirected to the inwebo IDP and then to the storefront server . But when I try authenticate on the storefront with my domain user anme and password, I got the "Your logon has expired ....." message.   LDAP authentication on the NetScaler work fine for an other store on the same storefront server. 

 

 

Any help please.

 

Many thanks

Koichi

 

Link to comment
Share on other sites

See https://docs.citrix.com/en-us/storefront/1912-ltsr/integrate-with-citrix-gateway-and-citrix-adc.html#configure-storefront-log-on-when-authentication-is-disabled-on-citrix-gateway-vip

 

Also, in your Gateway vServer > Session Policies, you might have to uncheck Single Sign On to Web Applications or configure a Traffic Policy to disable SSO.

Link to comment
Share on other sites

  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...