Implementation Guide. SafeNet Authentication Service. Citrix Web Interface 5.x

Similar documents
Integration Guide. SafeNet Authentication Service. VMWare View 5.1

Integration Guide. SafeNet Authentication Service. Using SAS with Web Application Proxy. Technical Manual Template

Configuration Guide. SafeNet Authentication Service. Remote Logging Agent

Agent Configuration Guide

Configuration Guide. SafeNet Authentication Service. SAS Agent for Microsoft Internet Information Services (IIS)

Integration Guide. SafeNet Authentication Service. SAS Using RADIUS Protocol with Microsoft DirectAccess

Integration Guide. SafeNet Authentication Client. Using SAC with Putty-CAC

Configuration Guide. SafeNet Authentication Service. SAS Agent for Microsoft Outlook Web Access 1.06

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Tableau Server

Configuration Guide. SafeNet Authentication Service. Token Validator Proxy Agent

Configuration Guide. SafeNet Authentication Service. SAS Agent for Microsoft Outlook Web App. Technical Manual Template

Configuration Guide. SafeNet Authentication Service AD FS Agent

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Salesforce

Gemalto SafeNet Minidriver 9.0

Integration Guide. SafeNet Authentication Service. SAS Using RADIUS Protocol with Apache HTTP Server

Integration Guide. SafeNet Authentication Client. Using SAC CBA for Check Point Security Gateway

Synchronization Agent Configuration Guide

SafeNet Authentication Manager Express. Upgrade Instructions All versions

Installation Guide. SafeNet Authentication Service

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Drupal

Integration Guide. SafeNet Authentication Service. Integrating Active Directory Lightweight Services

User Guide. SafeNet MobilePASS for Windows Phone

Integration Guide. SafeNet Authentication Service. Oracle Secure Desktop Using SAS RADIUS OTP Authentication

SAS Agent for Outlook Web Access

Integration Guide. SafeNet Authentication Service. Using RADIUS Protocol for Radiator RADIUS Server

SafeNet Cisco AnyConnect Client. Configuration Guide

SafeNet MobilePASS Version 8.2.0, Revision B

Microsoft IIS Integration Guide

SAS Agent for Outlook Web App

Migration Guide. SafeNet Authentication Service. SafeWord/SAMx. Migration Guide: SafeNet Authentication Service. SafeWord/SAMx

SafeNet Authentication Service

Strong Authentication for Juniper Networks SSL VPN

Juniper SSL VPN Authentication QUICKStart Guide

Integration Guide. SafeNet Authentication Service. Using RADIUS and LDAP Protocols for Cisco Secure ACS

Active Directory Rights Management Service Integration Guide

Microsoft IAS and NPS Agent Configuration Guide

SafeNet MSSQL EKM Provider User Guide

Strong Authentication for Juniper Networks

Microsoft SQL Server Integration Guide

SafeNet KMIP and Amazon S3 Integration Guide

Implementation Guide for. Juniper SSL VPN SSO with OWA. with. BlackShield ID

SafeNet Authentication Service

Preface. Microsoft Office Sharepoint Server 2007 Integration Guide SafeNet, Inc. All rights reserved. Part Number: (Rev A, 06/2009)

Preface. Limitations. Disclaimers. Technical Support. Luna SA and IBM HTTP Server/IBM Web Sphere Application Server Integration Guide

SafeNet Authentication Service

OTP Server Integration Module

Apache HTTP Server Integration Guide

Integration Guide. SafeNet Authentication Service. Using RADIUS Protocol for Cisco ASA

Strong Authentication for Microsoft SharePoint

Implementation Guide for protecting

BlackShield ID Agent for Remote Web Workplace

Strong Authentication for Microsoft TS Web / RD Web

Configuring Steel-Belted RADIUS Proxy to Send Group Attributes

Cisco ASA Authentication QUICKStart Guide

SafeNet Authentication Service Token Validator Proxy Agent. Configuration Guide

Sentinel Cloud V.3.5 Installation Guide

DIGIPASS Authentication for Citrix Access Gateway VPN Connections

ESET SECURE AUTHENTICATION. Check Point Software SSL VPN Integration Guide

Strong Authentication for Cisco ASA 5500 Series

SafeNet Authentication Service Agent for Windows Logon. Configuration Guide

External Authentication with Citrix Access Gateway Advanced Edition

Technical Integration Guide for Entrust IdentityGuard 9.1 and Citrix Web Interface using RADIUS

DIGIPASS Authentication for Check Point Connectra

SAS Token Validator Proxy Agent Configuration Guide

Step by Step Guide to implement SMS authentication to F5 Big-IP APM (Access Policy Manager)

DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication

1 Summary. Step by Step Guide to implement SMS authentication to Bluecoat ProxySG

BlackShield ID Agent for Terminal Services Web and Remote Desktop Web

Interact for Microsoft Office

RSA Authentication Agent 7.2 for Microsoft Windows Installation and Administration Guide

DualShield Authentication Platform

Product Guide Addendum. SafeWord Check Point User Management Console Version 2.1

INTEGRATION GUIDE. DIGIPASS Authentication for Juniper SSL-VPN

PANO MANAGER CONNECTOR FOR SCVMM& HYPER-V

High Availability Configuration

Step by step guide to implement SMS authentication to Cisco ASA Clientless SSL VPN and Cisco VPN

FortiAuthenticator Agent for Microsoft IIS/OWA. Install Guide

HOTPin Integration Guide: DirectAccess

RSA Authentication Agent 7.1 for Microsoft Windows Installation and Administration Guide

DualShield. for. Microsoft TMG. Implementation Guide. (Version 5.2) Copyright 2011 Deepnet Security Limited

For Active Directory Installation Guide

Technical Brief for Windows Home Server Remote Access

Dell One Identity Cloud Access Manager How to Configure for High Availability

Dell One Identity Cloud Access Manager How to Configure Microsoft Office 365

Administration guide. Océ LF Systems. Connectivity information for Scan-to-File

Digipass Plug-In for IAS. IAS Plug-In IAS. Microsoft's Internet Authentication Service. Getting Started

HyperFS PC Client Tools

Enabling Remote Management of SQL Server Integration Services

Windows Server Update Services 3.0 SP2 Step By Step Guide

External Authentication with Juniper SSL VPN appliance Authenticating Users Using SecurAccess Server by SecurEnvoy

Cisco ASA. Implementation Guide. (Version 5.4) Copyright 2011 Deepnet Security Limited. Copyright 2011, Deepnet Security. All Rights Reserved.

DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Outlook Web Access

Installation and Configuration Guide

BlackShield ID PRO. Steel Belted RADIUS 6.x. Implementation Guide. Copyright 2008 to present CRYPTOCard Corporation. All Rights Reserved

Defender EAP Agent Installation and Configuration Guide

Veeam Task Manager for Hyper-V

4.0. Offline Folder Wizard. User Guide

ESET SECURE AUTHENTICATION. SonicWall SSL VPN Integration Guide

INTEGRATION GUIDE. General Radius Config

INTEGRATION GUIDE. DIGIPASS Authentication for F5 FirePass

Transcription:

SafeNet Authentication Service Implementation Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1

Document Information Document Part Number 007-012523-001, Rev A Release Date September 2014 Trademarks All intellectual property is protected by copyright. All trademarks and product names used or referred to are the copyright of their respective owners. No part of this document may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, chemical, photocopy, recording, or otherwise, without the prior written permission of SafeNet, Inc. Disclaimer SafeNet makes no representations or warranties with respect to the contents of this document and specifically disclaims any implied warranties of merchantability or fitness for any particular purpose. Furthermore, SafeNet reserves the right to revise this publication and to make changes from time to time in the content hereof without the obligation upon SafeNet to notify any person or organization of any such revisions or changes. We have attempted to make these documents complete, accurate, and useful, but we cannot guarantee them to be perfect. When we discover errors or omissions, or they are brought to our attention, we endeavor to correct them in succeeding releases of the product. SafeNet invites constructive comments on the contents of this document. These comments, together with your personal and/or company details, should be sent to the address or email below. Contact Method Mail Email Contact Information SafeNet, Inc. 4690 Millennium Drive Belcamp, Maryland 21017, USA TechPubs@safenet-inc.com 2

Contents Contents Overview... 4 Applicability... 4 Prerequisites... 4 Configuration... 5 Enabling RADIUS Authentication... 5 Create a RADIUS Shared Secret File... 6 Modifying the web.config File(Citrix Web Interface 5.2/5.3 only)... 6 Adding the Citrix Web Interface as a RADIUS Client... 6 Support Contacts... 7 3

Overview By default, Citrix Web Interface requires that a user provide a correct user name and password to successfully log on. This document describes the steps necessary to augment this logon mechanism with strong authentication by adding a requirement to provide a one-time password (OTP) generated by a SafeNet token during user authentication. Applicability This integration guide is applicable to: Security Partner Information Security Partner Citrix Product Name and Version Citrix Web Interface 5.0, 5.1, 5.2, 5.3 Protection Category Remote Access SAS Server Authentication Server SAS Server 2.4 or higher Network TCP Port 80 or 443 RADIUS Server Microsoft Internet Authentication Server (IAS) Microsoft Network Policy Server (NPS) Juniper Steel Belted RADIUS Server Unsupported Token Types GrIDsure Prerequisites Ensure end users can authenticate through the Citrix Web Interface with a static password before configuring the Citrix to use RADIUS authentication. Ensure the SAS server is installed and a user account has been assigned with a SafeNet token. SAS Agent for Internet Authentication Service (IAS), Network Policy Server (NPS) or Juniper Steel Belted RADIUS is installed Ensure that TCP port 80 or 443 is open between the SAS Agent for Internet Authentication Service (IAS), Network Policy Server (NPS) or Juniper Steel Belted RADIUS, and the SAS Server. UDP Port 1812 and 1813 network traffic must be permitted from Citrix Web Interface to the RADIUS server used by SAS. 4

Configuration now supports 2-factor authentication with SAS using its built-in RADIUS authentication support. Configuring SafeNet authentication consists of the following steps: Step 1. Enable RADIUS authentication and define a RADIUS server using the Citrix Access Management Console. Step 2. Create a RADIUS shared secret file. Step 3. Modify the web.config file (Citrix Web Interface 5.2/5.3 only) Step 4. Define Citrix Web Interface as a RADIUS client in Microsoft Internet Authentication Service (IAS) or Network Policy Server (NPS). Enabling RADIUS Authentication The SAS Agent for Internet Authentication Service (IAS), Network Policy Server (NPS) or Juniper Steel Belted RADIUS must be defined as a RADIUS server within the Citrix Access Management Console. 1. Launch the Citrix Access Management Console on the Web Interface 5.x server and select the appropriate site. 2. Under Common Task, select Configure Authentication Methods > Explicit. 3. Click Properties. 4. In the Two-Factor Setting field, select RADIUS. 5. Enter the RADIUS server information used by SAS. 5

Create a RADIUS Shared Secret File A shared secret file must be manually created for the RADIUS server defined within the Two-Factor Authentication method. 1. On the Citrix Web Interface server, browse to the \inetpub\wwwroot\citrix\sitepath\conf directory. 2. Create a file called radius_secret.txt and enter a shared secret (for example, testing123). Modifying the web.config File(Citrix Web Interface 5.2/5.3 only) If using Citrix Web Interface 5.2 or 5.3, the following additional steps must be performed: 1. On the Citrix Web Interface server, browse to the \inetpub\wwwroot\citrix\sitepath directory. 2. Open the web.config file with a text editor. 3. Search for RADIUS_NAS_IDENTIFIER and, for the value, enter citrixwi. 4. Search for RADIUS_NAS_IP_ADDRESS and, for value, enter the IP address assigned to the Citrix Web Interface server. Adding the Citrix Web Interface as a RADIUS Client The following steps will permit RADIUS authentication traffic from the Citrix Web Interface server to the SAS Agent for Internet Authentication Service (IAS) or Network Policy Server (NPS): 1. On the Microsoft Internet Authentication Service (IAS) or Network Policy Server (NPS) server, select Start > Control Panel > Administrative Tools. 2. Select Internet Authentication Service or Network Policy Server. 3. If required, expand RADIUS Clients and Servers. 4. Right-click RADIUS Clients and select New RADIUS Client. 5. Enter the friendly name and IP address or DNS of the Citrix Web Interface server. 6. For Vendor Name or Client-Vendor, enter RADIUS Standard. 7. Enter the shared secret that was entered into the radius_secret.txt file. 8. Click Apply. 9. Restart the Network Policy Server or Internet Authentication Service for the setting to take effect. 10. Logon to, entering the one-time password in the PASSCODE field. 6

Support Contacts If you encounter a problem while installing, registering, or operating this product, please make sure that you have read the documentation. If you cannot resolve the issue, contact your supplier or SafeNet Customer Support. SafeNet Customer Support operates 24 hours a day, 7 days a week. Your level of access to this service is governed by the support plan arrangements made between SafeNet and your organization. Please consult this support plan for further information about your entitlements, including the hours when phone support is available to you. Table 1: Support Contacts Contact Method Address Contact Information SafeNet, Inc. 4690 Millennium Drive Belcamp, Maryland 21017 USA Phone United States 1-800-545-6608 International 1-410-931-7520 Technical Support Customer Portal https://serviceportal.safenet-inc.com Existing customers with a Technical Support Customer Portal account can log in to manage incidents, get the latest software upgrades, and access the SafeNet Knowledge Base. 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information