External Authentication with Citrix Secure Gateway - Presentation server Authenticating Users Using SecurAccess Server by SecurEnvoy




Contact information

SecurEnvoy
www.securenvoy.com
0845 2600010
1210 Parkview, Arlington Business Park, Theale, Reading RG7 4TY

Phil Underwood
Punderwood@securenvoy.com

Citrix Integration Guide

This document describes how to integrate a Citrix Secure Gateway - Presentation server with the SecurEnvoy two-factor authentication solution called SecurAccess.

Citrix Secure Gateway - Presentation server provides secure remote access to the internal corporate network for all client/server applications.

SecurAccess provides two-factor, strong authentication for remote access solutions (such as Citrix), without the complication of deploying hardware tokens or smartcards. Two-factor authentication is provided by the use of your PIN and your phone, which receives the one time passcode.

SecurAccess is designed as an easy to deploy and use technology. It integrates directly into Microsoft's Active Directory and negates the need for additional user security databases. SecurAccess consists of two core elements: a Radius server and an Authentication server. The Authentication server is directly integrated with LDAP or Active Directory in real time.

SecurEnvoy Security Server can be configured to provide a Single Sign On solution. Utilising the Windows password as the PIN allows this. The user enters their UserID, Windows password and the One Time Passcode received on their mobile phone. The SecurEnvoy Web agent passes this information to the Security Server, which carries out a two-factor authentication. Because the Windows password was presented, it can be passed to the back-end Citrix Presentation server, where a Windows authentication takes place. All this happens without any user intervention. It provides a seamless login into the Citrix environment by entering three pieces of information.

SecurEnvoy utilizes a web GUI for configuration, whereas the Citrix environment uses a mixture of web GUI and applications. All notes within this integration guide refer to this type of approach.

The equipment used for the integration process is listed below:

Citrix
- Citrix Metaframe XPe feature release 3
- Web Interface for Presentation Server version 3.0
- Microsoft Windows 2003 server SP1
- IIS installed with SSL certificate (for Citrix environment)

SecurEnvoy
- Windows 2003 server SP1
- IIS installed with SSL certificate (required for management and remote administration)
- Active Directory installed or connection to Active Directory via LDAP protocol
- SecurAccess software release v3.01 0100
- SecurAccess Microsoft IIS web agent v3.01 agent

2005 SecurEnvoy Ltd. All rights reserved Confidential Page 2

Index

1.0 Pre Requisites
1.1 Installation Overview
2.0 Installation of SecurEnvoy - Microsoft IIS Web Agent
2.1 Configuration of SecurEnvoy - Microsoft IIS Web Agent
3.0 Configuration of SecurEnvoy Admin
4.0 Test Logon
5.0 Single Sign On Solution

1.0 Pre Requisites

It is assumed that the Citrix Metaframe server(s) are already installed and that an SSL certificate is installed upon the Web server running the Citrix Web services. This guide is for the setup of Citrix Secure Gateway and Presentation Server (Web Interface) on one machine to integrate with SecurEnvoy.

Prior to the installation of SecurEnvoy software, please make sure that a Citrix user can connect, authenticate and run applications using existing Windows Domain credentials.

SecurEnvoy requires an account that has read and write privileges to the Active Directory. If firewalls are between the SecurEnvoy Security servers, SecurEnvoy IIS Web agent and Active Directory servers, additional open ports will be required.

1.1 Installation Overview

Both Citrix Secure Gateway (CSG) and Citrix Web Interface are installed upon the same physical machine. This requires additional configuration of Citrix Web Interface to allow Microsoft IIS web services to interact. Microsoft IIS is configured to use port 443 for SSL connectivity.

In this scenario the SecurEnvoy IIS Web agent is installed upon the Citrix Web Interface machine.

All references to IP addresses and machine names are taken from the Installation and Machine information tables.

Installation Information

Domain name                Securenvoy.com
Citrix machine             Citrix.Securenvoy.com
Metaframe Farm             SecHQ Servers 10.1.10.100, 10.1.10.101, 10.1.10.102
Secure Ticket Authority    STA01.Securenvoy.com
SecurEnvoy Server          SecAuth.Securenvoy.com

Machine Information

Name                      IP Address
Citrix.Securenvoy.com     192.168.200.100
Metaframe Farm SecHQ      10.1.10.100, 10.1.10.101, 10.1.10.102
STA01.Securenvoy.com      10.1.10.22
SecAuth.Securenvoy.com    10.1.10.50

2.0 Installation of the SecurEnvoy Microsoft IIS Web agent

The Microsoft IIS agent is located in the Agent directory of the SecurEnvoy software distribution. Install this agent on your Citrix Presentation Server.

2.1 Configuration of SecurEnvoy - Microsoft IIS Web Agent

Launch the IIS management interface, either from Start, All Programs, SecurEnvoy, IIS Config MMC or from Microsoft's MMC for IIS. Expand the Web site list in the navigation pane, right-click Default Web Site, then select Properties.

Machine Name:                 Citrix.securenvoy.com
Citrix Service:               CSG and Web Interface
SecurEnvoy Security Server:   SecAuth.securenvoy.com
Protected web resource:       /Citrix

Select the Enable SecurAccess Authentication On This Server check box to enable the IIS agent on this server.

Note: Allow Non Secure Connections must NOT be checked, as Citrix redirects all communication via https.

To enable protection of the Citrix server, navigate the web site tree within the IIS snap-in, select the Citrix folder and go to the properties of this web folder. Select the SecurEnvoy tab and click enable, then select Forms Based Authentication. Once completed, click OK and then click the restart Web.

2.2 Additional Configuration of SecurEnvoy - Microsoft IIS Web Agent

Edit the file c:\windows\seiis.ini

Locate HTTP_HOST= and add just the server part of the URL you are trying to connect to. In this example we are trying to connect to https://secauth.securenvoy.com/citrix so the value is

HTTP_HOST=secauth.securenvoy.com

Restart the World Wide Web service.

3.0 Configuration of SecurEnvoy Admin

Launch the SecurEnvoy admin interface by executing the Local Security Server Administration link on the SecurEnvoy Security Server.

- Click Config.
- Select "Windows Microsoft Password is the PIN" under PIN Management. This will now use the user's existing password as the PIN (this is the default setting).
- Click Update to confirm the changes.
- Click Logout when finished. This will log out of the administrative session.
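A check for the HTTP_HOST value set in section 2.2, added here as an example and not part of the SecurEnvoy guide or software: it confirms that the value is only the server part of the protected URL. It assumes seiis.ini holds plain key=value lines, that the key name is matched without regard to case, and that the port is not part of the value; the sample file contents are constructed.

```python
from urllib.parse import urlsplit

# Constructed sample file contents; only the HTTP_HOST= key comes from the guide.
GOOD_INI = "HTTP_HOST=secauth.securenvoy.com\n"
BAD_INI = "HTTP_HOST=https://secauth.securenvoy.com/citrix\n"
PROTECTED_URL = "https://secauth.securenvoy.com/citrix"  # URL used in the guide


def expected_http_host(url):
    """Return only the server part of the URL: no scheme, port or path."""
    host = urlsplit(url).hostname  # already lower-cased by urlsplit
    if not host:
        raise ValueError(f"no server name in URL: {url!r}")
    return host


def read_http_host(ini_text):
    """Return the value of the last HTTP_HOST= line, or None if there is none."""
    value = None
    for line in ini_text.splitlines():
        key, sep, val = line.partition("=")
        # Assumption: key names are case-insensitive, as in most Windows .ini files.
        if sep and key.strip().upper() == "HTTP_HOST":
            value = val.strip()
    return value


def check_http_host(ini_text, url):
    """Return a list of problems; an empty list means the value matches."""
    have = read_http_host(ini_text)
    if have is None:
        return ["HTTP_HOST= line not found"]
    problems = []
    if "://" in have or "/" in have:
        problems.append("HTTP_HOST holds a scheme or path, not just the server part")
    want = expected_http_host(url)
    if have.lower() != want:
        problems.append(f"HTTP_HOST is {have!r}, expected {want!r}")
    return problems


if __name__ == "__main__":
    for name, text in (("good", GOOD_INI), ("bad", BAD_INI)):
        print(name, check_http_host(text, PROTECTED_URL) or "OK")
```

To check a real installation, pass the text read from c:\windows\seiis.ini in place of the sample strings.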

4.0 Test Logon

To access the protected Citrix environment go to: https://secauth.securenvoy.com/citrix

The following page will be displayed; this is the SecurEnvoy Two-Factor Web authentication page. All users will be stopped from proceeding to any protected resource until Two-Factor authentication has been completed.

The user carries out the following:

1. Enter Domain Username
2. Enter Domain password (this is the PIN)
3. Enter the One Time Passcode (OTP) received on their mobile phone

When all details have been entered, click Send. The user now has access to the Citrix front page.

5.0 Single Sign On Solution

To facilitate a simple sign on solution, SecurEnvoy has included a number of pre-configured templates for Citrix applications. Navigate to the \Program Files\SecurEnvoy\Microsoft IIS Agent\Samples\Citrix directory, where there will be a number of Citrix versions. Select the version that is correct for your environment and follow the instructions in the readme.txt file.