Citrix Access Gateway Web Interface Proxy

From Swivel Knowledgebase
Jump to: navigation, search


This document is to supplement the Citrix Access Gateway and Citrix Web Interface documentation for the deployment of PINsafe on the Web Interface and using the Secure Ticket Authority to pass authentication from the Citrix Access Gateway to the Citrix Web Interface.


Citrix Access Gateway 5.x

Citrix Web Interface 5.x

PINsafe 3.x


Citrix Access Gateway 5.0

Citrix Web Interface 5.4

PINsafe 3.8


When a user authenticates to the Citrix Access Gateway, the authentication is passed to the Web Interface and the user may use PINsafe authentication.


PINsafe and Web Interface Integration Configuration

Follow the steps for the appropriate version of PINsafe Web Interface Integration on the PINsafe server see Integrations. Test that this integration is fully working.

CAG Standard and CAG VPX configuration and installation

Configure the Access Gateway with networking information in the required deployment scenario. On the CAG enter under Name Service Providers the IP address and Fully Qualified Hostname of the Web Interface server under the section HOSTS File.

CAG Standard 5 WI Name Service Providers.jpg

Under Deployment Mode set the Access Gateway Mode to Appliance Only.

CAG Standard 5 WI Standalone.jpg

Set the Logon Point as home.

CAG Standard 5 WI Logon points.jpg

Configure the Logon Point Properties to authenticate with the Web Interface, using the hostname allows the DMZ IP address range to be hidden.

CAG Standard 5 WI Logon point properties.jpg

Enter the Web Interface server for the Web Address and Application Type should be WEBINTERFACE.

CAG Standard 5 WI Logon point XenApp ICA permitted.jpg

Configure the Web Interface as the STA (Secure Ticket Authority).

CAG Standard 5 WI Logon point XenApp STA.jpg

Citrix Web Interface configuration and installation

On the Citrix Web Interface edit the Secure Access Settings, Access Methods to be Gateway Direct.

CAG Standard 5 WI XenApp settings Gateway Direct.jpg

The (FQDN) Fully Qualified Domain Name needs to be entered for the Gateway Settings

CAG Standard 5 WI XenApp settings Gateway Settings.jpg

Additional Installation Options

Verifying the Installation

Browse to the login page and authenticate with PINsafe credentials.

Uninstalling the PINsafe Integration


Known Issues and Limitations

Additional Information