
ADC 13.x act as Gateway for DaaS with IDP Okta - ICA connection log users as "Anonymous"



Hi Everyone!

 

I need help please, it is related to DaaS, ADC and Okta.

Setup:

Citrix DaaS 

ADC VPX NS 13.0 86.17.nc 

VDA 2203 LTSR

Okta IDP

 

I have configured a Citrix Gateway (ADC on-prem) connected to our Citrix DaaS. 

All is working fine except that users are logged as "Anonymous" in ICA log connection when they access their VDI through ADC gateway (on-prem).


 

I was pretty sure that was because of our IDP Okta, which was not configured on ADC, and ADC was not able to pass SAML to decrypt username. It seems I was wrong...

I've set up Okta as SAML on my Citrix Gateway on-prem using the Okta support link below, and I still don't have the username in the ICA connection log.

 

https://support.okta.com/help/s/article/Citrix-NetScaler-Gateway-SAML-Configuration-Guide?language=en_US&_ga=2.239746308.625397690.1597538014-553316663.1597036264&_gl=1*1r3rddf*_ga*MTYwODA0MDcxMS4xNjU0NTIwMTU4*_ga_QKMSDV5369*MTY1NDUyMDE1Ny4xLjEuMTY1NDUyMDQyNS41Mg..

 

Does anyone have an idea what I'm missing?

 

Thanks for your help!

 

Cheers.

 


Hi Thomas,

 

Just for clarification: you wrote that you are using your OnPrem ADC as IdP with Okta, but users are also connecting through your OnPrem ADC Gateway (with OnPrem StoreFront or as a Traditional Gateway?). Which options are you using on your Cloud Tenant for these two settings:

 


 

I'm asking because if you're using the "Traditional Gateway" connectivity Type, the Anonymous ICA Connections are the default, as this works as designed.

 

Best Regards

Julian

 


Hi Julian! 

 

I'm using ADC on prem as Traditional Gateway Service with OKTA connected as SAML 2.0 for Workspace Authentication.


And I've added Okta as SAML Policy on Citrix Gateway/virtual server on ADC on-prem.

 


 

Is there a setting that I can change to be able to get the username while users are connecting through Traditional Gateway?

 

Thank you for your help, Julian! Really appreciate it!

 

Best regards,


  • 2 weeks later...

I think the only way - if it's a must-have to use an OnPrem ADC for traffic (and not the Gateway Service) - is to disable Traditional Gateway (as this is always using Anonymous connections) and use your OnPrem ADC with OnPrem StoreFront, connected with your Cloud Connectors.
