Jump to content
Welcome to our new Citrix community!

Citrix Netscaler Login "Problem"

Recommended Posts



I am "new" in the citrix world, perhaps you can help me with this problem.


We have an access Website where we can access from external with citrix netscaler. The Server from the site is not in the domain its a DMZ Server in cause of decisons from the security office....


On this access site are different options to use. We can go to the webmail site, or to human ressources information etc.


We also can access from this site to the Citrix (receiver) site where we can se all our programms on the citrix site.


But there is one Problem witch are not comfortabele if the Users acces to the Access Site and then they click on Citrix Button to reach their citirix receiver site.

They have to input their login Data AGAIN. But only when they access from external Network.


Does anybody knows a solution how i can solve this problem and the user have not to input the login Data a second time?


Sorry for my bad english, i hope i described the problem so you can understand it.


I would be very happy about an answer.




Link to comment
Share on other sites

The issue may be in either the gateway session policy (or a traffic policy) that is needed to help gateway submit credentials to storefront; or the issue is on the storefront side's ability to accept credentials from gateway.


Which version of Citrix ADC firmware are you on and which version of CVAD/Storefront are you using?  

Is the gateway using classic authentication policies or advanced policies with a authentication vserver?


To clarify: when your users connect to the Gateway portal page, you have a Client Choices page that allows users to choose between Web, Gateway(vpn), or Citrix Receiver/Workspace connections?  And the issue is that the Receiver prompts requires a second authentication attempt?  Confirm that this page is displayed in browser as https://<gateway fqdn/Citrix/<StoreNameWeb>  This will also narrow down if this is an issue with the storefront handoff.



Depending on firmware version and classic vs. advanced authentication, gateway credential hand off is configured either in the Session Policy client experience as "passthrough creddentials to Web" checkbox (or similar wording).    You might have issues on the Published Apps/CVAD tab with sson domain being specific incorrectly as well.  

More recent firmware and/or advanced policies or nfactor may require a Traffic Policy for form sso to be configured to pass gateway through to storefront.


On the Store itself, you need to be sure that the authentication type allows passthrough from gateway and the gateway integration is correct.  You should be able to look for errors in the StoreFront server's event log (DeliveryService events under Application node).  

If load balanced, you might be having an issue with load balancing persistence or persistence timeout or gateway timeout doesn't match the storefront idle timeout.










Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...