StoneGate SSL VPN Technical Note 2081. Setting Up SSO with Citrix Presentation Server




Table of Contents

Introduction
Overview
Note on Access Clients
Standard Resource for Citrix Presentation Server
Feedback

Introduction

This technical note describes how to set up and configure Single Sign-On with Citrix Presentation Server and StoneGate SSL VPN.

Prerequisites

This technical note assumes a thorough understanding of StoneGate SSL VPN installation and Citrix Presentation Server administration. Use the further reading to gain the required knowledge.

Further Reading

More information on StoneGate SSL VPN administration can be found in the StoneGate SSL VPN Administrator's Guide, the Online Help, and the Technical Note repository provided with the product. Another source of information is the Stonesoft Support site, which can be found at http://www.stonesoft.com/support/. For more information on related subjects, visit http://www.citrix.com/.

Overview

It is possible to configure your StoneGate SSL VPN installation to support Single Sign-On (SSO) using Citrix Presentation Server. This technical note will guide you through the necessary steps.

Note: In these instructions, Citrix Presentation Server is added as a standard resource. The standard resource automatically uses a dynamic tunnel to access the resource. As a result, the Citrix scripts nfuse15.wascr and nfuse16.wascr, which change the real IP of the NFuse server that the client receives in the .ica file to 127.0.0.1 and 127.0.0.1:1494 respectively, should not be used. Also note that the use of dynamic tunnels requires administrator rights on the client computer the first time it is used.

Note on Access Clients

To avoid the need for administrator rights on a Windows client computer, or if you are running a Mac OS X or Linux client computer, a static tunnel must be used to access the resource. This means that the standard resource for Citrix cannot be used, since it uses a dynamic tunnel. When static tunnels are used, the Citrix wascr scripts nfuse15.wascr and nfuse16.wascr are required.
Standard Resource for Citrix Presentation Server

To configure SSO support for Citrix Presentation Server using a standard resource, follow the instructions below in order:

1. Add Citrix Presentation Server Standard Resource
2. Edit Advanced Resource Settings
3. Add SSO Domain
4. Add Resource Path
5. Edit Tunnel Set

Adding a Citrix Presentation Server Standard Resource

To set up a Citrix Presentation Server:

1. In the main menu, select Manage Resource Access and then click Standard Resources in the left-hand menu.
2. Select Citrix Presentation Server and enter general settings.
   Display Name: citrixsso
3. Click Next and enter Citrix Web server settings.
   Citrix Presentation Server: <your Citrix server's IP address>
   Keep default port.
4. Enter Citrix Presentation Server settings.
   Citrix Presentation Server 1: <your Citrix server's IP address>
   Keep default port.
5. Enter Application Portal Settings and click Next.
6. Protect the resource host with applicable access rules and click Next. Refer to the Add Access Rules topic in the Getting Started section of the Online Help for instructions when needed.
7. Click Finish Wizard.

Editing Advanced Resource Settings

To edit the advanced resource settings:

1. In the left-hand menu, select Manage Resource Access.
2. In the Web Resources section, select the citrixsso resource created in the Adding a Citrix Presentation Server Standard Resource section above and then click the Edit Resource Host link.
3. Select the Advanced Settings tab and enter Access Settings:
   Select the Forward cookies between client and resource checkbox.
   Cookies to Check:
      NFuseFolder
      NFuseMode
      icaclientcode
      icaobjectcode
      icaclientavailable
      icabrowsercode
      icascreenresolution
      NFuseUseSavedFolder
      icaispassthrough
      WINGSession
      WIUser
   Action: Allow
4. Click Save and then click Publish in the top menu.

Note: The cookies listed above are all automatically added by the standard resource.

Adding an SSO Domain

To add an SSO domain to the configuration:

1. In the left-hand menu, select SSO Domains. Refer to Add SSO Domains for general instructions.
2. Add domain attributes:
   Attribute Name: User name
   Attribute Restriction: Editable
   Referenced By: User input

   Attribute Name: Password
   Attribute Restriction: Editable
   Referenced By: User input

   Attribute Name: Domain
   Attribute Restriction: Hidden
   Referenced By: Static
   Attribute Value: citrixssotest
3. Click Next.
4. Protect the SSO domain with applicable access rules and click Next.
5. Click Finish Wizard.

Adding a Resource Path

To add a resource path to the configuration:

1. In the left-hand menu, select Manage Resource Access.
2. In the Web Resources section, select citrixsso and then click the Add Resource Path link.
3. Enter general settings.
   Path: Citrix/MetaFrame/default/frameset.asp
4. Enter Single Sign-On settings:
   Select the Enable Single Sign-On checkbox.
   Single Sign-On Type: Form based
   SSO Domain: citrixsso
5. Click Next.
6. Enter Logon Form settings:
   Method: POST
   Form Action (URL): http://<address of Citrix server>/citrix/metaframe/auth/login.aspx
   Form Data: state=login&logintype=explicit&user=[$username]&password=[$password]&context=%5BFind+Context%5D&tree=CRTREE&login=Log+In&slLanguage=en
7. Enter Verification of Logon Response settings:
   Verification URL: http://<address of Citrix server>/citrix/metaframe/site/applist.aspx
   Form Response: applist
8. Click the Add Client Request Header link.
9. Enter general settings and click Next.
   Header: User-Agent
10. Click Next.
11. Protect the resource path with applicable access rules and click Next.
12. Click Finish Wizard and then click Publish in the top menu.

Editing the Tunnel Set

To edit the tunnel set for this configuration:

1. In the left-hand menu, select Tunnel Sets.
2. Select the Citrix tunnel set to edit it.
3. Select Advanced and set the Redirect URL text field to:
   /http/citrixweb/citrix/metaframe/default/frameset.asp

Note: The /CitrixWeb/ part of the path presented above is set according to the Display Name setting we have used for the Citrix web resource. For example, if the Display Name of the Citrix web resource was set to citrixsso, the above link would have been: /http/citrixsso/citrix/metaframe/default/frameset.asp.

Feedback

Stonesoft is always interested in feedback from our users. For comments regarding Stonesoft's products, contact feedback@stonesoft.com. For comments regarding this technical note, contact documentation@stonesoft.com.
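The Logon Form and Verification of Logon Response settings above can be sanity-checked offline before publishing. The following is an added example, not Stonesoft code: it fills the note's Form Data template with percent-encoded values (so a password containing & or = cannot alter the posted fields), reviews the definition, and mirrors the "applist" response check. The function names, the attribute keys, the sample values and the host name are assumptions; the note does not describe how the gateway itself performs the substitution.

```python
import re
from urllib.parse import parse_qsl, quote_plus, urlsplit

# Form Data template as given in the Logon Form settings of this note.
FORM_DATA = ("state=login&logintype=explicit&user=[$username]&password=[$password]"
             "&context=%5BFind+Context%5D&tree=CRTREE&login=Log+In&slLanguage=en")
PLACEHOLDER = re.compile(r"\[\$(\w+)\]")


def render_form_data(template, attributes):
    """Fill [$name] placeholders, percent-encoding every value for a form body."""
    def fill(match):
        name = match.group(1)
        if name not in attributes:
            raise KeyError(f"no SSO attribute for placeholder [${name}]")
        return quote_plus(attributes[name])
    return PLACEHOLDER.sub(fill, template)


def review_logon_form(action_url, template, attributes):
    """Return findings for a form-based SSO logon definition (empty list = clean)."""
    findings = []
    if urlsplit(action_url).scheme != "https":
        findings.append("form action is not https: the POST carries the password in cleartext")
    used = set(PLACEHOLDER.findall(template))
    for name in sorted(used - set(attributes)):
        findings.append(f"placeholder [${name}] has no SSO attribute")
    for name in sorted(set(attributes) - used):
        findings.append(f"SSO attribute '{name}' is never sent in the form data")
    return findings


def logon_verified(response_body, form_response="applist"):
    """Same idea as 'Verification of Logon Response': the marker must be present."""
    return form_response in response_body


if __name__ == "__main__":
    # Constructed sample values; the host name is a placeholder.
    attrs = {"username": "alice", "password": "p&ss=w rd+1", "domain": "citrixssotest"}
    body = render_form_data(FORM_DATA, attrs)
    print(body)
    print(dict(parse_qsl(body))["password"] == attrs["password"])
    for finding in review_logon_form(
            "http://citrix.example.internal/citrix/metaframe/auth/login.aspx",
            FORM_DATA, attrs):
        print("finding:", finding)
```
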

Trademarks and Patents

Stonesoft, the Stonesoft logo and StoneGate are all trademarks or registered trademarks of Stonesoft Corporation. Multi-link technology, multi-link VPN, and the StoneGate clustering technology, as well as other technologies included in StoneGate, are protected by patents or pending patent applications in the U.S. and other countries. All other trademarks or registered trademarks are property of their respective owners.

SSL VPN Powered by PortWise

Copyright and Disclaimer

Copyright 2000-2007 Stonesoft Corporation. All rights reserved. These materials, Stonesoft products and related documentation are protected by copyright and other laws, international treaties and conventions. All rights, title and interest in the materials, Stonesoft products and related documentation shall remain with Stonesoft and its licensors. All registered or unregistered trademarks in these materials are the sole property of their respective owners. No part of this document or related Stonesoft products may be reproduced in any form, or by any means without written authorization of Stonesoft Corporation. Stonesoft provides these materials for informational purposes only. They are subject to change without notice and do not represent a commitment on the part of Stonesoft. Stonesoft assumes no liability for any errors or inaccuracies that may appear in these materials or for incompatibility between different hardware components, required BIOS settings, NIC drivers, or any NIC configuration issues. Use these materials at your own risk. Stonesoft does not warrant or endorse any third party products described herein.

THESE MATERIALS ARE PROVIDED "AS-IS." STONESOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO, THE INFORMATION CONTAINED HEREIN. IN ADDITION, STONESOFT MAKES NO EXPRESS OR IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR USE WITH RESPECT TO THE INFORMATION CONTAINED IN THESE MATERIALS. IN NO EVENT SHALL STONESOFT BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL OR INCIDENTAL DAMAGES, INCLUDING, BUT NOT LIMITED TO, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING FROM THE USE OF THESE MATERIALS, EVEN IF ADVISED IN ADVANCE OF THE POSSIBILITY OF SUCH DAMAGES.

SG_SVTN_2081_20070629

www.stonesoft.com

Stonesoft Corp.
Itälahdenkatu 22a
FIN-00210 Helsinki
Finland
tel. +358 9 4767 11
fax +358 9 4767 1234

Stonesoft Inc.
1050 Crown Pointe Parkway
Suite 900
Atlanta, GA 30338
USA
tel. +1 770 668 1125
fax +1 770 668 1131