Jump to content
Welcome to our new Citrix community!

We Need OAuth 2.x or newer support for Citrix CAG part of Netscaler.


Recommended Posts

SAML is End of Life in Azure and furthermore all SAML Authentication in Azure is ADAL not MSAL.

If you do ADAL Auth you are missing out alot of the new security features such as new conditional access rules and so on. i started writing a terraform CAG Module / XenApp/XenDesk module today and it was sad to see that there is still only SAML supported for CAG.

Link to comment
Share on other sites

Just adding more information to this post to make it easier to understand how SAML = End of Life..

It is not possible to get a SAML Assertion with MSAL. ADAL is End of Life..

Quote from article below: "All Microsoft support and development for ADAL, including security fixes, ended on June 30, 2023."

https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-migration

Link to comment
Share on other sites

  • 2 weeks later...

I have tried in the past to bind a Auth Profile to a CAG. The Auth profile points to a aaa_vserver with OAuth 2.x enabled but it doesnt work as long as i use OAuth.

Are there any other ways to bind an OAuth Auth action to a vpn vserver / CAG / Citrix Access GW?

Maybe i have overlooked some smart way to implement OAuth on a vpn vserver.

Link to comment
Share on other sites

Hello Kai,

what do you exactly need? I'm using NetScaler as OAuth SP (connected to a F5 BigIP as IdP) and OAuth IdP (connected to a Keycloak as SP) at some of my customer's instances. You can't bind an OAuth Policy directy to a VPN vServer, thats correct. You always have to use an auth profile, linked to an AAA vServer.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...