Citrix Access Gateway Web Interface Proxy

From Swivel Knowledgebase
Jump to: navigation, search


Introduction

This document is to supplement the Citrix Access Gateway and Citrix Web Interface documentation for the deployment of PINsafe on the Web Interface and using the Secure Ticket Authority to pass authentication from the Citrix Access Gateway to the Citrix Web Interface.


Prerequisites

Citrix Access Gateway 5.x

Citrix Web Interface 5.x

PINsafe 3.x


Baseline

Citrix Access Gateway 5.0

Citrix Web Interface 5.4

PINsafe 3.8


Architecture

When a user authenticates to the Citrix Access Gateway, the authentication is passed to the Web Interface and the user may use PINsafe authentication.


Installation

PINsafe and Web Interface Integration Configuration

Follow the steps for the appropriate version of PINsafe Web Interface Integration on the PINsafe server see Integrations. Test that this integration is fully working.


CAG Standard and CAG VPX configuration and installation

Configure the Access Gateway with networking information in the required deployment scenario. On the CAG enter under Name Service Providers the IP address and Fully Qualified Hostname of the Web Interface server under the section HOSTS File.

CAG Standard 5 WI Name Service Providers.jpg


Under Deployment Mode set the Access Gateway Mode to Appliance Only.

CAG Standard 5 WI Standalone.jpg


Set the Logon Point as home.

CAG Standard 5 WI Logon points.jpg


Configure the Logon Point Properties to authenticate with the Web Interface, using the hostname allows the DMZ IP address range to be hidden.

CAG Standard 5 WI Logon point properties.jpg


Enter the Web Interface server for the Web Address and Application Type should be WEBINTERFACE.

CAG Standard 5 WI Logon point XenApp ICA permitted.jpg


Configure the Web Interface as the STA (Secure Ticket Authority).

CAG Standard 5 WI Logon point XenApp STA.jpg


Citrix Web Interface configuration and installation

On the Citrix Web Interface edit the Secure Access Settings, Access Methods to be Gateway Direct.

CAG Standard 5 WI XenApp settings Gateway Direct.jpg


The (FQDN) Fully Qualified Domain Name needs to be entered for the Gateway Settings

CAG Standard 5 WI XenApp settings Gateway Settings.jpg


Additional Installation Options

Verifying the Installation

Browse to the login page and authenticate with PINsafe credentials.


Uninstalling the PINsafe Integration

Troubleshooting

Known Issues and Limitations

Additional Information