9/26/2019 Netscaler Gateway Citrix Receiver
This article describes how to configure NetScaler Gateway domain only authentication with StoreFront and App Controller for end users using Citrix Secure Hub, Citrix Receiver, or a web browser.

Configuration on NetScaler.

1. Create the clientless access policies required:
   - Create the clientless access policy and profile for Citrix Receiver and Secure Hub. For more information refer to Citrix Documentation -.
   - Create the clientless access policy and profile for Receiver for Web.
     For more information, refer to Citrix Documentation -.
2. Create the session policy/profile for Secure Hub on iOS and Android.
   [Screenshots: Session Policy; Session Profile (Network Configuration, Client Experience, Security, and Published Applications tabs)]
   Note: The URL entered in the Account Services Address field in the Published Applications tab must match the App Controller’s configured Host name available in the App Controller’s Control Point > Settings > Network Connectivity section.
3. Create the session policy/profile for Citrix Receiver for Windows/Mac.
   [Screenshots: Session Policy; Session Profile (Network Configuration, Client Experience, Security, and Published Applications tabs)]
   Note: The Web Interface Address and Account Services Address in the Published Applications tab must match the StoreFront Base URL, which can be found on the StoreFront server’s management console. Ensure that a forward slash “/” is not added at the end of the URL.
4. Create the session policy/profile for web browsers.
   [Screenshots: Session Policy; Session Profile (Network Configuration, Client Experience, Security, and Published Applications tabs)]
   Note: Use the Receiver for Web URL on the StoreFront Management console for the Web Interface Address field in the Published Applications tab and for the Home Page field, under the Client Experience tab.
5. Select one of the following options (explained in the Background section of this article). With either option, the clientless access policies created in Step 1 must be bound to all NetScaler Gateway virtual servers.
   Option 1: Create two NetScaler Gateway virtual servers in Smart Access mode and bind the following session policies with their associated profiles:
   - Virtual Server 1 for Secure Hub.
     - Bind the clientless access policy created for Secure Hub in Step 1.
     - Bind the Secure Hub session policy created in Step 2.
   - Virtual Server 2 for Citrix Receiver and Web Browser.
     - Bind both clientless access policies created in Step 1 – the Receiver clientless access policy must have a higher priority than the web browser clientless access policy.
     - Bind the Citrix Receiver session policy created in Step 3.
     - Bind the web browser session policy created in Step 4.

   OR

   Option 2: Bind all the session policies created to a single NetScaler Gateway virtual server in Smart Access mode.
   - Virtual Server for Secure Hub, Citrix Receiver, and Web Browser.
     - Bind both clientless access policies created in Step 1.
     - Bind the Secure Hub session policy from Step 2 – this must have the highest priority.
     - Bind the Citrix Receiver session policy from Step 3 – this must have the second highest priority.
     - Bind the web browser session policy from Step 4 – this must have the third highest priority.

   [Screenshot: Clientless Access Policies]
   Note: The clientless access policy for Citrix Receiver/Secure Hub must have a higher priority. These clientless policies must be bound directly to the NetScaler Gateway virtual servers.

Configuration on StoreFront.

- Enable access to Web/SaaS apps to Citrix Receiver or Receiver for Web by adding App Controller as a Delivery Controller on StoreFront. For more information, refer to Citrix Documentation -.
  Note: Use the host name of the App Controller in the Server field when configuring the StoreFront Delivery Controller. The StoreFront server must trust the issuer of the App Controller’s server certificate (Root and/or Intermediate certificates) because the protocol used by StoreFront to communicate to the App Controller is HTTPS.
- Establish the trust between StoreFront and App Controller. For more information, refer to Citrix Documentation -
  Note: Set the StoreFront as an auth server option to OFF. Use the StoreFront Base URL on the Web Address field.
At this point, you can access Web/SaaS apps through StoreFront, without the NetScaler Gateway. Test this before proceeding to integrate the NetScaler Gateway.

- Enable Pass-through from NetScaler Gateway on StoreFront. For more information, refer to Citrix Documentation -.
  Note: StoreFront must trust the issuer of the NetScaler Gateway virtual server’s bound certificate (Root and/or Intermediate certificates) for the Authentication Callback service.
- Add NetScaler Gateway to StoreFront. For more information, refer to Citrix Documentation -.
  Note: The Gateway URL must match exactly what the users are typing into the web browser address bar.
- Enable remote access on the StoreFront store. For more information, refer to Citrix Documentation -.

Configuration on App Controller.

- Enable access to Windows based apps for Secure Hub on the App Controller. For more information, refer to Citrix Documentation -.
- Configure the trust settings for NetScaler Gateway on App Controller. For more information, refer to Citrix Documentation -.
  Note: The NetScaler Gateway URL must match exactly what the users are typing into the web browser address bar.

Additional Configuration Steps.

- To use MicroVPN with MDX wrapped apps, refer to CTX136914 - for the list of requirements.
- On the NetScaler, the App Controller host name and StoreFront Base URL must be included in the Allow Domains list found in NetScaler Gateway > Global Settings > Configure Domains for Clientless Access. For more information, refer to Citrix Documentation -.
- A DNS server must be configured on the NetScaler that can resolve the App Controller and StoreFront FQDNs to their respective IP addresses.
- On the NetScaler, if Citrix Secure Mail is being deployed from the App Controller, add the App Controller as an STA. For more information, refer to Citrix Blog - and Citrix Documentation -.
- (Optional) If you plan to deploy internal websites through the App Controller, be sure to add the following VPN Session policy and profile for Windows/Mac Receiver clients. This applies only to Citrix Receiver; mobile devices will use MicroVPN.
  [Screenshots: Session Policy; Session Profile (Network Configuration, Client Experience, Security, and Published Applications tabs)]
  Note: The Home Page field in the Client Experience tab must have the full path to the Receiver for Web site on StoreFront.
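The priority and URL-matching rules from the NetScaler steps above can be checked against a saved configuration. The following Python lint is an added example, not Citrix's or the original page's code: the sample lines are constructed, every policy, profile, virtual server and host name is hypothetical, and it assumes that Web Interface Address and Account Services Address are stored as `-wihome` and `-storefronturl` and that a lower `-priority` number means higher priority.

```python
import shlex

# Constructed ns.conf-style sample; every policy, profile, vserver and host name is hypothetical.
SAMPLE = '''
add vpn sessionAction PROF_Receiver -wihome "https://sf.example.com" -storefronturl "https://sf.example.com/"
bind vpn vserver gw_vs -policy POL_Web -priority 100
bind vpn vserver gw_vs -policy POL_SecureHub -priority 110
bind vpn vserver gw_vs -policy POL_Receiver -priority 120
'''

def parse(conf):
    """Return ({profile: {option: value}}, {vserver: {policy: priority}})."""
    profiles, binds = {}, {}
    for line in conf.splitlines():
        tok = shlex.split(line)
        # Pair each "-option" token with the token that follows it.
        opts = {t.lower(): tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        if tok[:3] == ["add", "vpn", "sessionAction"]:
            profiles[tok[3]] = opts
        elif tok[:3] == ["bind", "vpn", "vserver"] and "-priority" in opts:
            binds.setdefault(tok[3], {})[opts.get("-policy")] = int(opts["-priority"])
    return profiles, binds

def audit(conf, receiver_profile, storefront_base, order):
    """order lists session policies from highest to lowest intended priority.
    Assumption: a lower -priority number is evaluated first (higher priority)."""
    profiles, binds = parse(conf)
    findings = []
    opts = profiles.get(receiver_profile, {})
    for key in ("-wihome", "-storefronturl"):
        url = opts.get(key)
        if url is None:
            findings.append(f"{receiver_profile}: {key} not set")
        elif url != storefront_base:
            why = "trailing '/'" if url.rstrip("/") == storefront_base else "differs from StoreFront Base URL"
            findings.append(f"{receiver_profile}: {key} {why}")
    for vserver, bound in binds.items():
        prios = [bound[p] for p in order if p in bound]
        if prios != sorted(prios) or len(set(prios)) != len(prios):
            findings.append(f"{vserver}: session policy priorities out of order")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "PROF_Receiver", "https://sf.example.com",
                         ["POL_SecureHub", "POL_Receiver", "POL_Web"]):
        print(finding)
```

On the constructed sample it reports the trailing slash on the Receiver profile and the web browser policy outranking the Secure Hub policy on the shared virtual server.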
This page details creation of session profiles and session policies for NetScaler Gateway 11.1 where ICA Only is checked.

Hi Carl, Great article. I’ve been testing the Receiver across various devices, but seem to run into problems on the Android and Windows Mobile with the above setup.
If I use the above setup I can login to Android but not Windows. I can, however, get both working if I specify the remoteaddress/citrix/storeweb, but with the Android App it goes to the Storefront Web Address. Have you experienced this before? Also with the Android receiver when I click on the log off button and I try to log back in I get HTTP 1.1/ Object not found. Another weird one is when opening multiple applications it doesn’t open the active application, but the previous applications.
This works on iPad, but on all other mobile devices it doesn’t.

Regards, Shaun.