Jump to content
Welcome to our new Citrix community!
  • 0

NetScaler Gateway Passthrough Authentication password source

Christoph Sinabell


Hi all,


Does anyone have official documentation how the remote users username and password are passed to the VDA when launching resources through NetScaler Gateway? All available documentation simply omit that part. 


Following scenario:

  • User uses private device remotly on non-domain joined client.
  • Uses web-browser and authenticates via username/password of domain foo.bar on NetScaler Gateway URL.
  • Clicks on published desktop.
  • Desktop starts using local Citrix Workspace App (with absolutely unconfigured stores and no Single-Sign On installed).
  • User is logged onto the remote published desktop with domain user foo.bar without re-entering credentials.


From what I found in an old internal document passed around at some conference from a time when there was still XenDesktop, the password is bascially pushed down from NetScaler  (caches Username/Password)-> StoreFront -> DDC (via XML). The VDA seems to use the LaunchReference to contact one of the DDCs which hold the username/password in memory to return the username/password to pass to winlogon.exe. The DDC then clears the username/password from memory. On the next click on an app and if the NetScaler Gateway session ticket is still valid the process repeats (NetScaler (has cached password) -> StoreFront -> DDC ...).




Link to comment

0 answers to this question

Recommended Posts

There have been no answers to this question yet

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...