Citrix Access Gateway Web Interface Proxy
- 1 Introduction
- 2 Prerequisites
- 3 Baseline
- 4 Architecture
- 5 Installation
- 6 Verifying the Installation
- 7 Uninstalling the PINsafe Integration
- 8 Troubleshooting
- 9 Known Issues and Limitations
- 10 Additional Information
This document is to supplement the Citrix Access Gateway and Citrix Web Interface documentation for the deployment of PINsafe on the Web Interface and using the Secure Ticket Authority to pass authentication from the Citrix Access Gateway to the Citrix Web Interface.
Citrix Access Gateway 5.x
Citrix Web Interface 5.x
Citrix Access Gateway 5.0
Citrix Web Interface 5.4
When a user authenticates to the Citrix Access Gateway, the authentication is passed to the Web Interface and the user may use PINsafe authentication.
PINsafe and Web Interface Integration Configuration
Follow the steps for the appropriate version of PINsafe Web Interface Integration on the PINsafe server see Integrations. Test that this integration is fully working.
CAG Standard and CAG VPX configuration and installation
Configure the Access Gateway with networking information in the required deployment scenario. On the CAG enter under Name Service Providers the IP address and Fully Qualified Hostname of the Web Interface server under the section HOSTS File.
Under Deployment Mode set the Access Gateway Mode to Appliance Only.
Set the Logon Point as home.
Configure the Logon Point Properties to authenticate with the Web Interface, using the hostname allows the DMZ IP address range to be hidden.
Enter the Web Interface server for the Web Address and Application Type should be WEBINTERFACE.
Configure the Web Interface as the STA (Secure Ticket Authority).
Citrix Web Interface configuration and installation
On the Citrix Web Interface edit the Secure Access Settings, Access Methods to be Gateway Direct.
The (FQDN) Fully Qualified Domain Name needs to be entered for the Gateway Settings
Additional Installation Options
Verifying the Installation
Browse to the login page and authenticate with PINsafe credentials.