
Filter Client-Cert Authentication based on Expressions (Clientplugins)



Hello,

 

According to the latest Workspace app feature matrix, User-Cert-Auth is only supported via browser:

[image]

 

Is there a way to filter user-cert-auth based on which client is trying to connect to my gateway? Examples:

 

- Browser way -> Check and search for compatible usercert, prefill username and present only Password

- Workspace App Windows / iOS -> Don't check for usercert and fallback to the MFA (Password and Token) nfactor way

- Gateway Plugin Windows / iOS -> Don't check for usercert and fallback to the MFA (Password and Token) nfactor way

 


As soon as I enable user-cert-auth and set Client Authentication to "Optional" on my nfactor aaa and gateway vserver, I get problems connecting with all methods except the browser way, as there is always a cert check which breaks the complete nfactor flow. In detail, it breaks adding new accounts in Workspace app and gateway plugin, as these clients / apps force the client-cert way, which is absolutely incorrect.

I tried to filter the usercert auth policy expressions like this:

[image]

but it looks like it's not hitting correctly. I think the main problem is the way NetScaler is checking the "Optional" clientcert way:

[image]

 

Any ideas? Is there a possible way to use a listen policy on my gateway?

 

Thanks for your help

Best Regards

Julian

 

 
