Citrix Access Gateway Standard 5.x

From Swivel Knowledgebase
Jump to: navigation, search


Introduction

This document covers the integration of Swivel with the Citrix Access Gateway Standard edition. The standard edition allows authentication using SMS, Email, Mobile Phone applet, Swivel Taskbar, but does not allow the single channel image to be embedded into the login page. To allow the single channel image to be embedded into the login page, the following options are available:


Prerequisites

Swivel 3.x

Citrix Access Gateway 5.x


Baseline

PINsafe 3.8

CAG Standard 5.0.3


Architecture

Authentications are made against Swivel using RADIUS.


Installation

Swivel Configuration

Configuring the RADIUS server

On the Swivel Administration console configure the RADIUS Server and NAS, see RADIUS Configuration


Setting up PINsafe Dual Channel Transports

See Transport Configuration


Citrix Access Gateway Standard Edition Integration

Follow the Citrix Access Gateway Standard Edition Administration guide to configure RADIUS authentication.


CAG RADIUS Properties

On the CAG Configuration, configure one or more PINsafe instances as a RADIUS server.


CAG Standard 5 RADIUS Properties.jpg


CAG logon Point Properties

Configure Swivel as an authentication server. Swivel would usually be configured as a secondary authentication server with AD as the primary authentication server using RADIUS. In this example Single Sign ON is being used to the Citrix Web Interface, and has been created as a basic logon point.


CAG Standard 5 login point properties.jpg


Additional Installation Options

Verifying the Installation

Browse to the CAG login page and enter username, AD Password and OTC from the SMS or Mobile Phone Client. Check the PINsafe logs to ensure that a RADIUS request has been seen.

CAG Standard 5 login.jpg


Uninstalling the PINsafe Integration

Troubleshooting

Known Issues and Limitations

Additional Information

For additional features use the Advanced Access Controller. This allows customised login pages and the Single Channel Turing Image authentication, see Citrix Access Gateway Advanced 4.x