Question
Shahzad Siddique
Hi Folks,
I am evaluating Citrix SPA on-prem for publishing an intranet web URL, and followed the link below:
https://docs.citrix.com/en-us/tech-zone/build/deployment-guides/secure-private-access-on-premises.html#configuration-process
Setup Details:
Citrix CVAD 2203 -Cu2
Netscaler - 13.1 build 45
Workspace App: 2303 (Embedded enterprise browser)
Configuration Steps followed for building SPA Onprem
1. Created a blank Delivery Group, published content, and associated it with the blank Delivery Group
Add-PsSnapin Citrix*
new-BrokerDesktopGroup -Name "SPA-DG" -DesktopKind 1
$deliveryGroupName = "SPA-DG"
$appURL = "https://dc01.xen.lab/certsrv/"
$appName = "Cert-Portal"
$appIconFilePath = "C:\g2m.ico"
$appDescription = "KEYWORDS:SPAENABLED"
$deliveryGroupUid = (Get-BrokerDesktopGroup -DesktopGroupName $deliveryGroupName).Uid
New-BrokerApplication -ApplicationType PublishedContent -CommandLineExecutable $appURL -Name $appName -DesktopGroup $deliveryGroupUid -Description $appDescription
Get-BrokerApplication -ApplicationType PublishedContent | Format-Table @{Label="Type"; Expression={$_.ApplicationType}},Name,@{Label="URL"; Expression={$_.CommandLineExecutable}},@{Label="Delivery group"; Expression={(Get-BrokerDesktopGroup -Uid $_.AssociatedDesktopGroupUids[0]).Name}},Description
2. Created the policy.json file on StoreFront under the path below
mkdir C:\inetpub\wwwroot\Citrix\spa\Resources
mkdir C:\inetpub\wwwroot\Citrix\spa\Resources\SecureBrowser
Copied the policy.json file to the SecureBrowser directory
3. Ran the PowerShell script with the code mentioned in the above link to change web.config
4. Configured the on-prem NetScaler Gateway for enabling ClientAccess, web address encoding, enabling secure browse, and excluding SF & Citrix FQDNs from clientless access mode (globally)
add vpn sessionAction SPA-act -transparentInterception OFF -defaultAuthorizationAction ALLOW -SSO ON -ssoCredential PRIMARY -useMIP NS -useIIP OFF -icaProxy OFF -wihome "https://ddc01.xen.lab/Citrix/spaWeb" -ClientChoices OFF -ntDomain xen.lab -clientlessVpnMode ON -clientlessModeUrlEncoding TRANSPARENT -SecureBrowse ENABLED -storefronturl "https://ddc01.xen.lab"
add vpn sessionPolicy SPA_SessionPol "aaa.USER.IS_MEMBER_OF(\"rabale-group\")" SPA-act
bind policy patset ns_cvpn_default_bypass_domains citrix.com -index 4
bind policy patset ns_cvpn_default_bypass_domains ddc01.xen.lab -index 5
5. Created authorization policies and bound the web resources to the AAA group
add aaa group rabale-group
add authorization policy Allow_StoreFront "HTTP.REQ.HOSTNAME.CONTAINS(\"ddc01.xen.lab\")" ALLOW
add authorization policy Deny_ALL true DENY
add authorization policy Allow_Cert-Portal "HTTP.REQ.HOSTNAME.CONTAINS(\"dc01.xen.lab\")" ALLOW
bind aaa group rabale-group -policy Allow_Cert-Portal -priority 100 -gotoPriorityExpression END
bind aaa group rabale-group -policy Allow_StoreFront -priority 110 -gotoPriorityExpression END
bind aaa group rabale-group -policy Deny_ALL -priority 120 -gotoPriorityExpression END
Problem Statement >
Testing SPA resources using Workspace App version 2303 from an end-user system. Only able to see CVAD resources. Published web content is not visible to users.
Thanks in Advance
Shahzad Siddique
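Added example, not part of the original post or of Citrix's documentation: a small Python model of how the three authorization policies bound to rabale-group in step 5 select a rule for a given hostname, comparing the posted CONTAINS expressions with exact HTTP.REQ.HOSTNAME.EQ matches. It assumes first-match-wins evaluation in ascending priority (every binding uses -gotoPriorityExpression END) and hostnames without a port; the sample hostnames other than dc01.xen.lab and ddc01.xen.lab are constructed.

```python
# Simplified model (assumption): policies are tried in ascending priority and
# the first matching policy decides, since each binding ends with END.
from typing import Callable, List, Tuple

Policy = Tuple[int, str, Callable[[str], bool], str]

def contains(needle: str) -> Callable[[str], bool]:
    """Substring test, the behaviour of HTTP.REQ.HOSTNAME.CONTAINS("...")."""
    return lambda host: needle in host

def equals(name: str) -> Callable[[str], bool]:
    """Exact test, the behaviour of HTTP.REQ.HOSTNAME.EQ("...")."""
    return lambda host: host == name

def always(_host: str) -> bool:
    """The literal 'true' rule used by Deny_ALL."""
    return True

# Policies and priorities exactly as posted in step 5.
POSTED: List[Policy] = [
    (100, "Allow_Cert-Portal", contains("dc01.xen.lab"), "ALLOW"),
    (110, "Allow_StoreFront", contains("ddc01.xen.lab"), "ALLOW"),
    (120, "Deny_ALL", always, "DENY"),
]
# Same names and priorities, with CONTAINS swapped for an exact match.
EXACT: List[Policy] = [
    (100, "Allow_Cert-Portal", equals("dc01.xen.lab"), "ALLOW"),
    (110, "Allow_StoreFront", equals("ddc01.xen.lab"), "ALLOW"),
    (120, "Deny_ALL", always, "DENY"),
]

def decide(policies: List[Policy], host: str) -> Tuple[str, str]:
    """Return (policy name, action) of the first policy matching host."""
    for _prio, name, rule, action in sorted(policies, key=lambda p: p[0]):
        if rule(host):
            return name, action
    return "(no policy)", "DENY"

# Constructed sample hostnames; only the first two appear in the post.
SAMPLE_HOSTS = ["dc01.xen.lab", "ddc01.xen.lab",
                "dc01.xen.lab.example.net", "files.xen.lab"]

def compare(hosts: List[str]) -> List[Tuple[str, Tuple[str, str], Tuple[str, str]]]:
    """Decision per host under the posted rules and under exact matching."""
    return [(h, decide(POSTED, h), decide(EXACT, h)) for h in hosts]

if __name__ == "__main__":
    for host, posted, exact in compare(SAMPLE_HOSTS):
        print(f"{host:28} posted={posted}  exact={exact}")
```

Because "ddc01.xen.lab" contains the string "dc01.xen.lab", the StoreFront host is matched by Allow_Cert-Portal at priority 100 under the posted rules, and any hostname that merely embeds an allowed name is also allowed before Deny_ALL is reached.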