Citrix XenApp(StoreFrontAuth) and XenDesktop with Netscaler

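Configuration steps for integrating Citrix XenApp (StoreFrontAuth) and XenDesktop with NetScaler

Source: https://www.carlstalhood.com/netscaler-gateway-12-storefrontauth-and-xendesktop-wizard/

Reference: https://docs.citrix.com/en-us/citrix-gateway/13/integrate-with-xenapp-and-xendesktop.html

Reference: https://discussions.citrix.com/topic/405200-urgent-netscaler-operation-not-permitted-storefront-trust-ssl-certificate-missing/

Note: the SSL certkey name must be ns-sftrust-certificate. A certkey with this name is an internal-only certificate: it cannot be bound to user-created services and can only be used by internal system services. The certificate file selected must be ns-sftrust-root.cert. This certificate file is generated automatically by a script when the system is initialized, and the user can also run the script manually to regenerate it. The certificate is for internal services only.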

> show vpn sfconfig
ERROR: Operation not permitted [StoreFront Trust SSL certificate is missing.]


In Netscaler GUI do:

Step 1
Traffic Management >> SSL >> Certificates >> CA certificates
- Click install
- Name: ns-sftrust-certificate
- Select from Appliance, choose ns-sftrust-root.cert

Step 2
From CLI to verify do:
> show vpn sfconfig
Created /var/download/GatewayConfig.zip, it is available for download via the web management interface.
Done

#filename: rc.local.start
#filepath: /flash/nsconfig/

# NOTE: this adds the internal ns-sftrust-certificate SSL certkey.
# The command is not written to the configuration file,
# so it must be executed every time the system starts.
# Use "show vpn sfconfig" to check whether the certificate is valid.
# Once the built-in certificate has been added, it cannot be deleted.
/netscaler/nscli -s -U %%:nsroot:. add ssl certKey ns-sftrust-certificate -cert ns-sftrust-root.cert

 

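1. Import the NetScaler Gateway appliance configuration from file.

2. Allow WebSocket connections in the policy, because access through Receiver for HTML5 requires WebSocket support.

3. Set the store URL to use an SSL-encrypted connection, enable only three authentication methods ([User name and password], [HTTP Basic], and [Pass-through from NetScaler Gateway]), and enable the unified experience.

Remote access mode: Enabled (full VPN tunnel)

4. Set the Receiver deployment option to [Use Receiver for HTML5 if local Receiver is unavailable].

5. In the store settings, enable socket pooling. It is disabled by default.

On a PC, log on using the domain name that maps to the VIP of the Gateway vServer on NetScaler: https://sfwan.mtestadp.com/

On a mobile device, log on using the domain name that maps to the VIP of the Gateway vServer on NetScaler: https://sfwan.mtestadp.com/

Configure the following commands for the Gateway vServer on NetScaler. They specify the intranet application subnet and the intranet IP pool given to clients, and enable VPN mode support in the session: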

add vpn intranetApplication Intranet ANY 192.168.185.0 -netmask 255.255.255.0 -destPort 1-65535 -interception TRANSPARENT
bind vpn vserver _XD_10.0.100.101_443 -intranetApplication Intranet
bind vpn vserver _XD_10.0.100.101_443 -intranetIP 192.168.185.80 255.255.255.248
set vpn sessionaction AC_OS_10.0.100.101 -transparentInterception ON -defaultAuthorizationAction ALLOW -SSO ON -ClientChoices ON -clientlessVpnMode ON
set vpn sessionaction AC_WB_10.0.100.101 -transparentInterception ON -defaultAuthorizationAction ALLOW -SSO ON -ClientChoices ON -clientlessVpnMode ON
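
The following Python check is an added example, not part of the original post or of any Citrix tooling. It parses the commands above and flags the two settings that decide how much of the internal network a VPN session can reach: an intranet application open to every protocol and port, and a session action whose default authorization is ALLOW. The rule names and the narrower comparison configuration are assumptions made for the example.

```python
import ipaddress
import shlex

# Constructed sample: the commands from this page, one per line as in ns.conf.
PAGE_CONF = """\
add vpn intranetApplication Intranet ANY 192.168.185.0 -netmask 255.255.255.0 -destPort 1-65535 -interception TRANSPARENT
bind vpn vserver _XD_10.0.100.101_443 -intranetApplication Intranet
bind vpn vserver _XD_10.0.100.101_443 -intranetIP 192.168.185.80 255.255.255.248
set vpn sessionaction AC_OS_10.0.100.101 -transparentInterception ON -defaultAuthorizationAction ALLOW -SSO ON -ClientChoices ON -clientlessVpnMode ON
set vpn sessionaction AC_WB_10.0.100.101 -transparentInterception ON -defaultAuthorizationAction ALLOW -SSO ON -ClientChoices ON -clientlessVpnMode ON
"""

# Constructed narrower variant for comparison (TCP 443 is an assumed requirement).
# With DENY, authorization policies must be bound before users can reach anything.
NARROW_CONF = """\
add vpn intranetApplication Intranet TCP 192.168.185.0 -netmask 255.255.255.0 -destPort 443 -interception TRANSPARENT
set vpn sessionaction AC_OS_10.0.100.101 -transparentInterception ON -defaultAuthorizationAction DENY -SSO ON -ClientChoices ON -clientlessVpnMode ON
"""


def parse_options(tokens):
    """Split tokens into positional words and a {-option: [values]} map (keys lower-cased)."""
    positional, options, current = [], {}, None
    for tok in tokens:
        if tok.startswith("-") and not tok[1:2].isdigit():
            current = tok.lower()
            options[current] = []
        elif current is None:
            positional.append(tok)
        else:
            options[current].append(tok)
    return positional, options


def audit(conf_text):
    """Return a list of (rule, object_name, detail) findings about VPN exposure."""
    findings = []
    for line in conf_text.splitlines():
        tokens = shlex.split(line)
        head = [t.lower() for t in tokens[:3]]
        positional, opts = parse_options(tokens[3:])
        if head == ["add", "vpn", "intranetapplication"] and len(positional) >= 3:
            name, proto, dest = positional[:3]
            # Assumption: a missing -netmask is treated as a single host.
            mask = opts.get("-netmask", ["255.255.255.255"])[0]
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            lo, _, hi = opts.get("-destport", ["0"])[0].partition("-")
            all_ports = int(lo) <= 1 and int(hi or lo) >= 65535
            if proto.upper() == "ANY" and all_ports:
                findings.append(("broad-intranet-app", name,
                                 f"ANY protocol, all ports to {net} ({net.num_addresses} addresses)"))
        elif head[1:] == ["vpn", "sessionaction"] and head[0] in ("add", "set") and positional:
            action = opts.get("-defaultauthorizationaction", [""])[0].upper()
            if action == "ALLOW":
                findings.append(("default-allow", positional[0],
                                 "resources are reachable without a matching authorization policy"))
        # bind lines carry no setting that is checked here, so they are skipped.
    return findings


if __name__ == "__main__":
    for label, conf in (("page config", PAGE_CONF), ("narrow config", NARROW_CONF)):
        print(label)
        for rule, obj, detail in audit(conf) or [("ok", "-", "no findings")]:
            print(f"  {rule:20} {obj:22} {detail}")
```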

 

 

XenApp(StoreFrontAuth) and XenDesktop Wizard – NetScaler Gateway 12 / Citrix Gateway 12.1

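Overview

NetScaler Gateway 12 and Citrix Gateway 12.1 and newer support a new form of authentication called StoreFrontAuth, which delegates Active Directory authentication to the StoreFront servers. StoreFrontAuth replaces LDAP on Citrix Gateway. You usually do not need both.

  • StoreFrontAuth uses nFactor, which means Citrix ADC must be licensed for Advanced Edition (formerly Enterprise Edition) or Premium Edition (formerly Platinum Edition).

The easiest way to use StoreFrontAuth is the XenApp and XenDesktop Wizard. The wizard lets you choose from several different authentication methods, including multi-factor authentication.

Prerequisites

License – Make sure the appliance is licensed for Advanced Edition (formerly Enterprise Edition) or Premium Edition (formerly Platinum Edition).

DNS server – Make sure a DNS server is configured on Citrix ADC.

The wizard creates a brand new Gateway Virtual Server. You will need the following:

  • DNS name (FQDN) for the Gateway
  • VIP for the Gateway
  • Certificate for the Gateway

URL to the StoreFront servers – StoreFront must be reachable from the Citrix ADC SNIP and NSIP.

  • To retrieve the list of stores, the NSIP must be able to reach the StoreFront URL
  • StoreFront must be version 3.11 or newer

RADIUS – If you want multi-factor authentication, you need the RADIUS information, including adding the Citrix ADC NSIP and/or SNIP as RADIUS clients.

See also Citrix CTX223882 FAQ – Configure authentication at StoreFront using NetScaler Gateway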

XenApp and XenDesktop Wizard

  1. In Citrix ADC, on the bottom left, click XenApp and XenDesktop Wizard.
  2. On the right, click Get Started.
  3. Select StoreFront, and click Continue.
  4. In the Citrix Gateway section, enter the FQDN for the new Gateway.
  5. Enter the VIP for the new Gateway.
  6. Check the box next to Redirect requests from port 80 to secure port, and click Continue.
  7. In the Server Certificate section, if you already have a certificate on this appliance that matches the new Gateway FQDN, select it. Or, change the selection to Install Certificate, and import a .pfx file. When done, click Continue.
  8. In the StoreFront section, enter the URL to StoreFront, and click Retrieve Stores.
  9. In the Receiver for Web Path drop-down, select a Receiver for Web Path to use.
  10. In the Default Active Directory Domain field, enter a domain name that the StoreFront server will accept.
  11. Enter a Secure Ticket Authority URL, including http:// or https://. Use the plus icon to add more STA servers. The STAs are usually your XenDesktop Controllers. Then click Test STA Connectivity.
  12. Check the box next to Use this StoreFront for Authentication, and click Continue.
  13. In the Authentication section, click the Choose Authentication Type drop-down. Some of the options are multi-factor. Multi-factor is detailed later. For now, select StoreFront Auth.
  14. Click the Retrieve Auth Enabled Stores button. If the StoreFront version is too old to support this feature, you cannot continue, and a message says that the StoreFront version does not meet the requirement.
  15. In the Authentication Service URI drop-down, select the URI to use.
  16. In the Domain field, enter a default domain. Note: the domain name entered here must match one of the domain names allowed by StoreFront. This is covered in the Multiple Domains section below.
  17. Click Continue.
  18. Review the summary page, and click Done.
  19. If the default SSL profile is not enabled, go to Citrix Gateway > Virtual Servers, edit the Gateway Virtual Server, and configure the default SSL vServer Settings.




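Portal Theme and Login Schema

  1. If you point your browser to the Gateway URL, notice that it uses an older theme.
  2. On the left, go to Citrix Gateway > Virtual Servers.
  3. On the right, edit the Gateway Virtual Server created by the wizard.
  4. On the right, in the Advanced Settings, select Portal Themes.
  5. On the left, scroll down, change the Portal Theme to RfWebUI or another theme, and click OK.
  6. Now when you access the Gateway URL, it is shown with the newer theme. However, there is a "First Factor" text in the middle of the page. We can fix that.
  7. Go back to the Citrix Gateway. Near the middle of the page, find the Authentication Profile section. Click the pencil icon. This object enables nFactor.
  8. Click the Edit button to edit the Authentication Profile settings.
  9. Note the name of the AAA vServer, because the Edit button here does not take us to the corresponding edit page.
  10. Go back to the Citrix ADC main navigation menu, and go to Security > AAA – Application Traffic > Virtual Servers.
  11. You will see a new AAA vServer in the list. It is shown as down because no certificate is bound to it, but it still works. If the red icon bothers you, feel free to bind a certificate to it.
  12. Edit this AAA vServer.
  13. Scroll down, and click where it says 1 Login Schema.
  14. Right-click the Login Schema, and click Edit.
  15. Click the Edit button next to Profile.
  16. Click the pencil icon next to the Authentication Schema field.
  17. On the left, click the LoginSchema folder to open it.
  18. Move your mouse over the SingleAuth.xml file, and click the download icon. Save it somewhere.
  19. Edit the downloaded .xml file.
  20. Find the line containing the First factor text, and delete that line. Save the file with a new name, for example SingleAuthWithoutNone.xml.
  21. Go back to the Login Schema dialog box. In the Authentication Schema field, click the upload icon, and select the file you just edited (SingleAuthWithoutNone.xml) to upload it.
  22. Unfortunately, uploading a new Login Schema .xml file does not actually select it. Click the pencil icon again.
  23. On the left, click the new file (SingleAuthWithoutNone.xml) to highlight it.
  24. On the right, click the blue Select button.
  25. Notice that the file name has now changed to the new file. Click OK.
  26. Click OK again.
  27. Click Close.
  28. If you point your browser to the Gateway FQDN again, the extra text is gone. Feel free to make other changes to the .xml file. (The First factor checkbox button is no longer present.)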

StoreFront Configuration for Gateway

  1. In Citrix ADC, on the bottom left, click XenApp and XenDesktop.
  2. On the top right, click Download file.
  3. On the Download StoreFront Settings page, you can export all virtual servers, or just one of them. Click OK.
  4. Save the GatewayConfig.zip file somewhere.
  5. In the StoreFront console, on the left, right-click the Stores node, and click Manage NetScaler Gateways.
  6. At the top of the window, click the blue imported from file link.
  7. Click Browse, and select the GatewayConfig.zip file you saved earlier.
  8. Click Import next to the Gateway vServer that you want to import.
  9. On the Select Logon Type page, you can optionally enter a SmartAccess Callback URL. This URL can resolve to the FQDN of any Citrix Gateway on the same appliance that authenticates the user. Click Verify.
  10. Click Next.
  11. On the Secure Ticket Authorities page, review the list of STAs, and click Next.
  12. On the Review Changes page, click Import.
  13. On the Summary page, click Finish.
  14. Click Close.
  15. The new Gateway is shown in the list. Notice that the new Gateway is Used by Store, so there is no need to enable Remote Access on the store yourself. Click Close.
  16. Edit the newly imported Gateway object.
  17. On the Secure Ticket Authority page, check Enable session reliability. If this option is not enabled, the EDT protocol will not work. Click OK.

StoreFrontAuth and Multiple Domains

The wizard configures Session Profiles with a default domain name. Multiple domains won’t work until you remove this SSON Domain.

  1. At Citrix Gateway > Virtual Servers, edit the Gateway Virtual Server created by the wizard.
  2. Scroll down, and click where it says 2 Session Policies.
  3. Right-click each Session Policy, and click Edit Profile.
  4. On the tab named Published Applications, uncheck the box next to Single Sign-on Domain. Click OK.
  5. Repeat for the other Session Profile.

StoreFrontAuth authenticates users to StoreFront using normal StoreFront username syntax:

  • username only
  • Domain\username
  • username@domain.suffix (aka userPrincipalName)

If no domain name is specified, StoreFrontAuth can be configured with a default domain name.

  1. Go to Security > AAA > Virtual Servers, right-click the AAA vServer that has StoreFrontAuth enabled, and click Edit.

  2. Scroll down, and click where it says 1 Authentication Policy.
  3. Right-click the StoreFrontAuth policy, and click Edit Policy. Unfortunately, Edit Action doesn’t seem to work.
  4. Click the Edit button next to the Action.
  5. In the Domain field, enter a default domain name that will be used if the user does not specify a domain. Click OK.

Notes on domain names:

  • The domain names entered by users (domain\username, or username@domain.suffix), must be accepted by StoreFront.
  • The default domain name entered in the StoreFront Authentication Action must be accepted by StoreFront.
  • After StoreFront Authentication authenticates the user, it sends back the user’s UPN. Citrix Gateway then uses the UPN to Single Sign-on to StoreFront. Thus, the UPN suffixes must be accepted by StoreFront.

To configure the domain names accepted by StoreFront:

  1. In StoreFront Console, right-click your store, and click Manage Authentication Methods.
  2. Click the top gear icon, and click Configure Trusted Domains.
  3. If the selection is Any domain, then you’re good, and you don’t need to change anything.
  4. If it’s set to Trusted domains only, then make sure that UPN domain suffixes are in the list.
  5. To make it easier for users, add the NetBIOS domain names too. However, if you checked the box for Show domains list in logon page, then internal users will see both the NetBIOS domain names, and the UPN domain suffixes.
  6. Notice that there’s a drop-down to select the Default domain. This default domain is only used if the user does not specify a domain name, and if no domain name is configured in the StoreFrontAuth action.

Depending on how you configured the StoreFront trusted domains, users have several options for logging into Citrix Gateway:

  • Username only – the default domain name configured in the StoreFrontAuth action is used. If StoreFrontAuth default domain is not configured, then it uses the default domain name configured in StoreFront.
  • Domain\username – requires the short domain name (NetBIOS) to be included in StoreFront’s list of trusted domains.
  • UPN.suffix\username – this should always work, since you always need to add UPN suffixes to the StoreFront trusted domains list.
  • username@UPN.suffix – this should always work, since you always need to add UPN suffixes to the StoreFront trusted domains list.
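
The domain rules in this section can be checked against a planned configuration with the simplified model below. It is an added example, not code from the original article or a Citrix API; the function names, parameters and sample domains (CORP, corp.example.com) are hypothetical. It also covers the case the notes above warn about, where the logon is accepted but Single Sign-on with the returned UPN is not.

```python
def resolve_logon(logon, action_default=None, storefront_default=None):
    """Split a logon string into (domain, username) using the syntaxes listed above."""
    if "\\" in logon:                      # Domain\username or UPN.suffix\username
        domain, user = logon.split("\\", 1)
    elif "@" in logon:                     # username@domain.suffix (userPrincipalName)
        user, domain = logon.rsplit("@", 1)
    else:                                  # username only: the StoreFrontAuth action
        user = logon                       # default wins, then the StoreFront default
        domain = action_default or storefront_default
    return domain, user


def is_trusted(domain, trusted):
    """trusted=None models 'Any domain'; a list models 'Trusted domains only'."""
    if not domain:
        return False
    return trusted is None or domain.lower() in {d.lower() for d in trusted}


def check_logon(logon, upn_suffix, trusted, action_default=None, storefront_default=None):
    """Model both steps: the StoreFrontAuth logon, then Gateway SSO with the returned UPN.

    upn_suffix is the suffix of the UPN that StoreFront sends back for this user.
    The caller supplies it here; in practice it comes from Active Directory.
    """
    domain, user = resolve_logon(logon, action_default, storefront_default)
    auth_ok = is_trusted(domain, trusted)
    sso_ok = auth_ok and is_trusted(upn_suffix, trusted)
    return {"domain": domain, "user": user, "auth": auth_ok, "sso": sso_ok}


if __name__ == "__main__":
    # Constructed sample: NetBIOS name CORP, UPN suffix corp.example.com.
    logons = ("alice", "CORP\\alice", "corp.example.com\\alice", "alice@corp.example.com")
    for trusted in (None, ["CORP"], ["CORP", "corp.example.com"]):
        for logon in logons:
            result = check_logon(logon, "corp.example.com", trusted, action_default="CORP")
            print(trusted, logon, result)
```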

Multi-factor authentication

The XenApp and XenDesktop Wizard supports several authentication configurations:

  1. On the bottom left, click XenApp and XenDesktop.
  2. On the top right, move your cursor over the existing Gateway, and click the pencil icon to edit it.
  3. If you earlier removed the Single Sign-On Domain to support multiple AD domains, then the wizard will prompt you to re-enter a Default Active Directory Domain. Unfortunately, this field is not optional. After entering a domain name, and completing the steps shown in this section, you can follow the above instructions to remove it again.
  4. In the Authentication section, click the pencil icon.
  5. At the top of the Authentication section, there’s a drop-down for Choose Authentication Type. There are several options. Since this article is focused on StoreFront Auth, only RSA + StoreFront Auth will be detailed below.
    • The RSA + Domain option is equivalent to Citrix Gateway RADIUS + LDAP. The RADIUS + LDAP authentication is performed directly by Citrix Gateway, which means it doesn’t use nFactor or an AAA vServer. Unfortunately, the wizard does not configure Citrix Gateway correctly. See my NetScaler Gateway RADIUS Authentication article to fix the authentication policies and Gateway binding configuration.

The RSA + StoreFront Auth option will ask you for RADIUS authentication information.

  1. Change the Choose Authentication Type drop-down to RSA + StoreFront Auth.
  2. Enter the RADIUS information, and click Test Connection. Citrix ADC will use its SNIP to verify the connection.
  3. Increase the RADIUS Time-out if your multi-factor is phone-based.
  4. StoreFront Auth should already be configured, so just click Continue.
  5. Note, if you see any error messages, you might have to completely delete the Gateway, and run the wizard from scratch. Unfortunately, the XenApp and XenDesktop wizard seems to be quite buggy.
  6. Click Done to close the Citrix Gateway Settings page.
  7. After changing the Gateway authentication, on the top right, download the configuration file again, and import to StoreFront.
  8. When you import to StoreFront, you can select an existing Gateway to overwrite.
  9. The Gateway that it imports to StoreFront is automatically configured with Domain and security token so you don’t have to configure this yourself.

If you point your browser to the Gateway URL, you will see two password fields. You would think that the first password field is where you enter the AD Password, but that’s incorrect. Actually, it wants Passcode in the first field, and AD Password in the second field.

To swap the fields, do the following:

  1. Go to Security > AAA – Application Traffic > Virtual Servers.
  2. Edit the AAA vServer that is linked to the Gateway vServer.
  3. Scroll down, and click where it says 1 Login Schema.
  4. Right-click the Login Schema, and click Edit.
  5. Click the Edit button next to the Profile field.
  6. Notice the DualAuth.xml file selection. Click the pencil in the Authentication Schema field.
  7. On the left, click the LoginSchema folder to open it.
  8. Move your mouse over the DualAuth.xml file, and click the download icon. Save it somewhere.
  9. Edit the downloaded .xml file.
  10. Look for the two lines containing passwd. Swap the passwd1 and passwd IDs. In other words, remove the 1 from passwd in line 27, and add it to the passwd in line 22. There are two ID tags in each line. Save the file with a new name.
  11. Go back to the Login Schema dialog box. In the Authentication Schema field, click the upload icon. Select the new file to upload it.
  12. Unfortunately, uploading a new Login Schema .xml file does not actually select the uploaded file. Click the pencil icon.
  13. On the left, click the new file to highlight it.
  14. On the top right, click the blue Select icon.
  15. Notice that the file name has now changed to the new file. Click OK.
  16. Click OK again.
  17. Click Close.
  18. Now when you go to the Gateway URL, the fields should work as expected.


============================================================

    1. Slava says:

      Hi Carl, thank you for very detailed article.

      We currently have two factor configured with Web Interface 5.4 where NetScaler prompts for 1st factor (RSA) and after successful authentication redirects to Web Interface where it prompts for second factor (AD). I am trying to have the same with StoreFront but to no avail.
      Any recommendation?

      1. Carl Stalhood says:
        1. Slava says:

          Thank you Carl, works like a charm! The only issue is how to pass user ID from NetScaler to StoreFront and not to enter it again. I’m sure it can be done with NetScaler but haven’t found it.

    2. Prasant says:

      Hi Carl,

      Thanks for the detailed post. I have been trying to find a way to integrate third party link for self-sign password reset on NetScaler but I have not had any success with .js file / custom.css file or theme.css. I see article about EULA but I could not find any articles adding hyperlink for SSPR. Hopefully, there are some options on 12.1

      1. Carl Stalhood says:

        What kind of theme? The instructions for RfWebUI are different than the instructions for X1. See https://www.carlstalhood.com/netscaler-gateway-12-tweaks/#logonlinks

    3. Kartik says:

      Hi Carl,

      In multi factor Auth, 1st Auth is validated by NetScaler Gateway and 2nd Auth is validated by StoreFront?

    4. Tom says:

      Hi Carl,
      Quick question: There is a feature on NetScaler called WebInterface on Netscaler. This shows up on the XA/XD integration wizard.
      What is this? Does this allow you to run a Storefront like site without storefront servers? If so why use SF?
      What are the use cases for this and why would you not advise a large organisation to use this?

      If you have any information that I could use to answer these questions I would be very grateful.

      1. Carl Stalhood says:

        Only for the older Web Interface. The NetScaler version is Java based. I don’t recommend it.

    5. Hello Carl,

      Thanks for nice article.

      I have setup Citrix infra test lab in AWS environment. I have deployed NS in AWS with single interface. NSIP, SNIP and Citrix infra servers are same subnet (10.0.64.x)
      From PuTTY I am able to ping DNS/AD server. When I am DNS server in NS it is showing down whereas LDAP is working perfectly. As this my test lab all ports are open through and fro.
      Once login to NetScaler page after credential authentication happens and getting error message “Http/1.1 Internal Server Error 43531”. I have enabled MBF in NS. (tried with route as but same issue)

      Any suggestion?

      Regards,
      Dip

      1. Carl Stalhood says:

        When you SSH to NetScaler and run ping, that is sourced from the NSIP, not the SNIP. To ping from SNIP, in GUI, go to Traffic Mgmt > Load Balancing > Services, add a service, enter the destination IP. Change the monitor to a ping monitor.

        Is AWS aware of all IP addresses assigned to the appliance? I think you typically add multiple NICs. Or in AWS assign multiple IPs to the NIC.

        Is the DNS server in the same subnet as NetScaler? If not, what is your route 0.0.0.0 0.0.0.0?

        1. Hello Carl,

          Thanks for reply. It really helped.

          You rightly pointed. I have not assigned SNIP to NIC. Once I have assigned it DNS is up now.
          But problem is this is my test environment, I have used self signed cert on NetScaler and same cert I have deployed on my machine so in Trusted root CA option. I able to login to NS via Internet and able to see VDI icon in StoreFront.
          But when I am launching it gives me error
          //
          —————————
          Windows 10 Desktop ERROR
          —————————
          Unable to launch your application. Contact your help desk with the following information:
          Cannot connect to the Citrix XenApp server.Network issues are preventing your connection. Please try again. If the problem persists, please call your help desk.

          —————————
          Desktop Viewer
          —————————
          The connection to “Windows 10 Desktop” failed with status (Unknown client error 0).
          \\

          However internally (Intern Jump Server) when I am login getting: ”Your logon has expired. Please log on again to continue” via NetScaler. (there is not cert deployed on StoreFront)

          But direct StoreFront link is working properly and able to launch VDI.

          As this test environment I have not using intermediate certificate. Is that the problem? Or any suggestion how can I use self signed cert.

          Regards,
          Dip

    6. Manny says:

      Carl, when setting up Citrix Receiver to go through StoreFrontAuth, I get “double” prompted. The first is the NS, then again from the AAA VServer (I recognize the test from the LoginSchema). What am I missing here?

    7. Hello Carl
      How are you
      I have created a lab with NS 12
      My prod network is 192.168.1.0/24
      I did the xenapp and xendesktop wizard my vip is 172.16.0.10
      I can ping it from the cli
      But if I connect from my Windows 10 client and type to https the vip no answer
      for your info my vm NS has only one network card

      tks for your help

      1. Carl Stalhood says:

        Are you saying that your NetScaler is connected to multiple subnets? Did you configure VLANs? https://www.carlstalhood.com/netscaler-12-system-configuration/#twoarm

    8. Matheen says:

      Hi Carl, Thanks for your article.
      I have an existing PoC setup where users are connecting directly to Storefront with Pass-through authentication turned on.
      In new setup, we have AG setup for internal users (to force all traffic through SNIP). This means users need to type their credentials to authenticate at NetScaler.
      Users want to be able to use Pass-through authentication (similar to their PoC). I understand Pass-through authentication is not supported in NetScaler Gateway.
      If I configure Storefront-auth as described, Is it possible to make pass-through working?
      Bottom line: Users want to be automatically logged in from their domain-joined machines using Pass-through, even when connecting from NetScaler AG.
      Note: I have enabled the Pre-reqs for Passthrough to work already (Receiver GPO, TrustingXML etc)

    9. Is there a specific step needed to enable “Storefront Auth” on step 12 (Click the button to Retrieve Auth Enabled Stores)?
      When I click the button, I get an error stating: “There are no auth enabled stores on the specified StoreFront”

      1. Carl Stalhood says:

        I usually have to click it a couple times.

        Or, maybe you’ve upgraded StoreFront several times and don’t have a store with integrated auth.

        1. Alisson Gustavo Lorscheiter says:

          I’m with this error using NetScaler 12. How can I fix it?

    10. Thomas Braukmann says:

      Hi Carl,

      I changed from LDAP Auth to the new StoreAuth method. After I changed it, I got an error on StoreFront

      Eventlog: Citrix Authentication Service ID:1 (1008) /UserDomain

      ” Beim Verarbeiten einer expliziten JSON-Anforderung ist ein Fehler aufgetreten.
      System.ArgumentNullException, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
      Der Wert darf nicht NULL sein.
      Parametername: userDomain
      bei Citrix.DeliveryServices.Security.Claims.Specializations.Directory.Client.DelegatedDirectoryClaimFactory.CreateDirectoryClaimForAllUserGroups(String userSecurityIdentifier, String userDomain, String issuer, String original, IEnumerable`1 requiredProperties, Boolean searchGC)
      bei Citrix.DeliveryServices.Authentication.Explicit.ExplicitJson.Controllers.ExplicitJsonController.AuthenticateUsernamePassword(UsernamePasswordRequest upr)
      bei Citrix.DeliveryServices.Authentication.Explicit.ExplicitJson.Controllers.ExplicitJsonController.Authenticate(JsonRequestHolder holder)

      I hope you can help me.

      Thx
      Thomas

    11. Alan Robertson says:

      Hi Carl, do you think NetScaler v12 is ready for production deployment at a Green Field Site or should I be sticking to V11.1?

      Alan

      1. Carl Stalhood says:

        I would stay with 11.1, unless you need the new features, and are tolerant to risk.

    12. Paul says:

      Thank you Carl. Is it still possible to restrict gateway access to only members of a specific AD group using StorefrontAuth method?

      1. Carl Stalhood says:

        The Session Profile has a “Groups allowed to login” field.

        1. Paul says:

          It worked! Thank you Carl.

    13. Chuck says:

      Hey Carl, testing Storefront Auth and running into an issue using RfWebUI, other themes work. After logging in no apps are disabled. My account also is only showing my samaccount and not full name. SF without NetScaler works fine as does the X1 theme. Any ideas? Used the wizard to configure everything. SF is set to any domain.

      1. Mike says:

        Hi Chuck,
        I have the same problem here. NS 11.1 with RfWebUI against SF 3.5 is working. Update NS to 12.0.53.6 and RfWebUI against SF3.5 produce an error “no apps or desktops available at this time”. Switching Theme to X1 and login again, it’s working as expected. Any ideas where the problem is?

 

================= End

 

posted @ 2020-03-09 19:32  lsgxeva