Product Documentation

Configuring Additional Parameters in Application Connectors

Oct 08, 2015

Most application connector templates contain a predefined URL. When you add the application, you can choose to save the default settings. The application is then configured for SSO.

Some connectors require you to configure the following additional parameters:

  • URL that contains a domain or subdomain name.

    For example, when you configure the AtTask application connector, the URL appears as $$url$$/attask/home.cmd. You replace $$url$$ with the subdomain name. This is the URL with which users log on.

  • URL and subdomain name.

    You need to add the URL and subdomain name for an application connector, such as the Basecamp application.

  • Cookies domain that contains the name of the cookie for the application.

    You must know where to locate the name of the cookie to enter the name in this field.

Some application connectors require configuration in App Controller and in the application. One example is Google Apps. When you configure Google Apps in App Controller, you need to download a SAML certificate from App Controller and install the certificate in Google Apps. You also need to configure SSO settings in Google Apps to work with App Controller. For more information about downloading the SAML certificate, see xmob-appc-saml-app-certs-tsk.html#clg-appc-saml-app-certs-c-tsk.

List of Application Connectors with Additional Parameters

The following is a list of applications that require additional parameters. Some applications require that you download a SAML certificate from App Controller and then upload the certificate to App Controller. For more information about downloading the certificate, see xmob-appc-saml-app-certs-tsk.html#clg-appc-saml-app-certs-c-tsk.

AccessGateway
Users can log on to NetScaler Gateway by using one of the following three methods: NetScaler Gateway Plug-in, clientless access, or Citrix Receiver. When you configure this connector, it connects to the Web Interface by using an ICA connection. If you use this connector, configure Web Interface settings on NetScaler Gateway. When users log on with Receiver, NetScaler Gateway establishes an ICA connection to the XenApp or XenDesktop server. Users receive a list of applications or desktops in the web browser. When they click an application and open the application, the ICA connection is established.
In URL, enter the web address used to log on to NetScaler Gateway. The web address is: https://<AccessGatewayFQDN>/vpn/index.html
AtTask
URL: $$url$$/attask/home.cmd
In $$url$$ enter the subdomain name for the AtTask logon web site.
Basecamp
Basecamp is an application for project management and online collaboration.
In subdomain, enter the domain name that hosts Basecamp.
In URL, enter the web address to which users connect.
Bugzilla
Bugzilla is an application that you host in your internal network.
In URL, enter the web address that you use to log on to Bugzilla.
For example, enter http://<Application FQDN>/index.cgi
Campfire
In subdomain, enter the domain name that hosts Campfire.
In URL, enter the fully qualified domain name (FQDN) of Campfire.
CentralDesktop
CentralDesktop is collaboration software and online project management for business.
In URL, enter the web address that you use to log on to CentralDesktop.
CitrixAccessGateway
NetScaler Gateway provides secure user access to network resources in the internal network. If users log on with the NetScaler Gateway Plug-in or clientless access, use the CitrixAccessGateway connector.
You must enter the web address used to log on to NetScaler Gateway in URL.
You can use the following web address for NetScaler Gateway: https://<NetScalerGatewayFQDN>.
CitrixWebInterface
The Web Interface provides secure user access to published applications from XenApp and virtual desktops from XenDesktop.
In Cookies Domain, enter the Web Interface domain name.
In URL, enter the web address to which users connect.
Echosign_SAML
In URL, enter the subdomain name for Echosign. This application requires the SAML certificate. For more information about configuring Echosign, see the Echosign web site.
Egnyte
In URL, enter the web address used to log on to Egnyte.
In Cookies Domain and subdomain, enter the domain names.
URL: https:// <Application FQDN>
Example web address: https://<mycompany>.<mydomain>.com
Example Domain Name: <mydomain>.com
Example SubDomain Name: <mydomain>
eLeaP
In Cookies Domain , enter the domain name.
In URL, enter the web address used to log on to eLeaP.
For example, https:// <Application FQDN>
Example: https://<mycompany>.2leap.com
Example Domain Name: <mycompany>.2leap.com
Globoforce_SAML
Globoforce is software that allows organizations to recognize their employees.
In URL, enter the web address to which users connect.
GoogleApps_SAML
When you configure a connector for Google Apps, use the token $$domain$$ for the web address. This token is substituted with the Google Apps domain name. You provide the domain name in Domain Name.
URL: https://www.google.com/a/<mydomain.com>
Example: https://www.google.com/a/citrix.com
Important: You must use HTTPS for the Google Apps web address.
To configure App Controller for SSO to Google Apps
  1. In the management console, click the Apps & Docs tab.
  2. Under Apps & Docs > APPS, click web & SaaS.
  3. In the right pane, click the plus (+) sign and then click GoogleApps_SAML.
  4. In App name, type a name for the application.
  5. In Description, type a description for the application.
  6. In Cookies Domain, type the domain name that you configured in Google Apps.
  7. In URL, enter the URL preceded with http or https.
  8. Select App is hosted in internal network if the app is running on a server that resides in your internal network.
  9. Configure the remaining optional settings to configure categories, and roles for the application and then click Next.
  10. Configure the settings for user account management and workflows. For details, see To configure settings to create user accounts.
  11. Click Save when you are finished configuring the application.
After you configure Google App settings in App Controller, you then need to configure Google Apps for SSO. First, you download the SAML certificate from App Controller. Then, you log on to Google Apps, configure the SSO settings, and upload the certificate to Google Apps.
To configure Google Apps, follow these guidelines:
  • Enable SSO in Google Apps.
  • Provide the sign-in page URL. For example, type https://appc-johndoe-151.agsag.com/samlsp/websso.doaction=authenticateUser&app=GoogleApps_SAML&reqtype=1 .
  • Provide the sign-out page URL.

    This is the web address that appears when users log off. For example, type https://appc-johndoe-151.agsag.com/mywebapps

  • Provide the URL that users can access to change their password.

    For example, type https://appc-johndoe-151.agsag.com/mywebapps

  • Upload the SAML certificate from App Controller to Google Apps.
Note: When users log on to Google Mail, they are automatically signed on to all features by using SSO. To log on, use the format http://mail.google.com/a/<domainName>.com
GoogleApps_SAML_IDP
You can use this connector to configure Google Apps as an Identity Provider. The settings are the same as for GoogleApps_SAML.
HelpSpot
In URL, enter the web address that users use to log on.
In Cookies Domain, enter the HelpSpot domain name.
URL: http://<Application FQDN> :< port number>/helpspot/admin.php
The default web address is $$url$$/helpspot/admin.php
Example URL: http://mycompany.helpspot.com:8089/helpspot/admin.php
Example domain name: mycompany.helpspot.com
JIRA
JIRA is an application you host in your internal network.
In URL, enter the web address used to log on to JIRA.
Example URL: http:// <Application FQDN> :<port number> /secure/Dashboard.jspa
Office 365
Microsoft Office 365 is cloud-based solution for e-mail, collaboration, instant messaging, and web conferencing. Before you configure Office 365, make sure you have the following prerequisites:
  • Windows Azure
  • Public domain name that can be reached from the Internet
  • Microsoft Online Service Module to connect to the Azure database
  • Active Directory
  • Directory Synchronization tool that is used to synchronize Active Directory objects (users, groups, and contacts) to the cloud. This is also called directory sync.
In Cookies Domain, enter the Office 365 domain name.
In URL enter the web address used to log on to Office 365. The default URL is https://login.microsoftonline.com.
On the Settings tab, in the left pane, click Certificates.
After you configure Office 365 settings in App Controller, you need to configure Office 365 for SSO. First, you download the SAML certificate from App Controller. When you run the cmdlets in the following procedure, you enter the SAML certificate path or copy the certificate into the location from where you run the cmdlets. The following procedure enables the trust relationship between Windows Azure and App Controller. This allows SAML-based SSO.
When you configure the domain name ($dom), use the Active Directory domain.
To configure Office 365
  1. Log on to Windows Server 2008 R2 or Windows Server 2008.
  2. Open Power Shell.
  3. At the command prompt, type Connect-MsolService. Enter Microsoft online service user name and password when prompted.
  4. At the command prompt, enter the following cmdlets:
    $dom = "<Domain name>" 
    $fedBrandName = "AppC" 
    $url = "https://< AppC FQDN>/samlsp/websso.do?action=authenticateUser&app=Office365_SAML" 
    $uri = "AppController.example.com" 
    $logoutUrl = "https://<AppC FQDN>/samlsp/websso.do?action=logout&app=Office365_SAML" 
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("certificate.pem") 
    $certData = [system.convert]::tobase64string($cert.rawdata) 
    Set-MsolDomainAuthentication –DomainName $dom –federationBrandName $fedBrandName -Authentication Federated -PassiveLogOnUri $url -SigningCertificate $certData -IssuerUri $uri -LogOffUri $logoutUrl -PreferredAuthenticationProtocol SAMLP
After you configure these settings, users can log on to Office 365 from Receiver or by using the Office 365 URL in a web browser.
Oracle10g
In URL enter the web address used to log on to Oracle10g.
In Cookies Domain, enter the Oracle10g domain name.
URL syntax: http://<Application FQDN>:<port no(if any)>/apex
Example URL: http:// <mycompany>.<mydomain>.com:8080/apex
Example domain name: <mydomain>.com
In the Oracle10g application in App Controller, change the default Redirection URL to the FQDN of App Controller. For example, if the App Controller FQDN is appcontroller.citrix.com; the Redirection URL must be "https://appcontroller.citrix.com".
OWA (Outlook Web Access)
In URL, enter the web address that is used to access Outlook Web Access.
In Cookies Domain, enter the domain name of Outlook Web Access.
URL: https://<Application FQDN>
Example URL: https://<mycompany>.<mydomain>.com
Example domain name: <mycompany>.<mydomain>.com
The Outlook Web Access connector does not support NTLM-based authentication. Outlook Web Access only supports form-based authentication.
PeopleclickAuthoria
In URL, enter the web address used to log on to Peopleclick Authoria.
In Cookies Domain, enter the domain name.
URL: https://<Application FQDN>
Example URL: https://<mycompany>.<mydomain>/loginAction.action
Example domain name: <mycompany>.<mydomain>.com
Note: Authoria connector is for an enterprise hosted application and not for a web-based application.
Recover_Password
In URL, enter the App Controller FQDN, such as https://AppController.example.com/recoverpasswordportal.
Reset _AppsPassword
In URL, enter the App Controller FQDN, such as https://<AppControllerFQDN>.
Salesforce
When you open the connector for Salesforce, the URL contains a web address. If the default web address is different than the web address that your organization uses, enter the correct web address.
Default URL: https://login.salesforce.com
Example: Your organization’s URL: https://my.salesforce.com
Salesforce_SAML
URL: https://login.salesforce.com
When you open the connector for Salesforce, the URL contains a web address. If the web address is different from the web address that your organization uses, enter the correct web address.
This application requires the SAML certificate from App Controller. Follow the procedures in Salesforce_SAML_SP to upload the SAML certificate to the Salesforce server.
Salesforce_SAML_SP
URL: https://login.salesforce.com
When you enable user management and enter the user name and password, you need to use the password you use to log on to Saleforce along with the token. For example, password ZDMn6tx5Rf9l1bLdKrgwNuviM.
You need to download the certificate from App Controller and then upload the certificate to the Salesforce application. For more information about uploading the certificate to Salesforce, see Configuring SAML Settings for Single Sign-On.
In the Salesforce application, specify the IdP URL in SAML settings as https://appc-johndoe-151.agsag.com/samlsp/websso.doaction=authenticateUser&app=Salesforce_SAML_SP&reqtype=1.
SAP
In URL, enter the web address used to log on to SAP.
In Cookies Domain, enter the SAP domain name.
URL: http://<Application FQDN>
Example: http://<mycompany>.mydomain.com
Example domain name: <mycompany>.mydomain.com
ShareFile
In Cookies Domain, enter the domain name that hosts ShareFile.
ShareFile_SAML
In URL, enter the web address used to log on to ShareFile_SAML.
In Cookies Domain, enter the domain name that hosts ShareFile.
ShareFile_SAML_SP
In URL, enter the web address used to log on to ShareFile.
In Cookies Domain, enter the domain name that hosts ShareFile.
SuccessFactors
SuccessFactors requires the parameter Company Id. Enter your organization’s name in App Controller.
URL: https://performancemanager4.successfactors.com/login
Company ID: <company Id>
Note: Company Id is case sensitive. Please enter the Company ID that you registered with SuccessFactors.
SuccessFactors_SAML
The SuccessFactors technical support team configures SAML settings. Contact SuccessFactors when you are ready to configure these settings. You need to provide a .csv file to technical support. The .csv file must have a password column that is the same as the user ID.
SuccessFactors requires the Company ID parameter which is your organization’s name. Enter your organization’s name in Cookies Domain.
Domain Name: <Company Name>
Note: Company Name is case sensitive. Please enter the Company Name that you registered with SuccessFactors.
Webex
In URL, enter the web address used to log on to WebEx. In Cookies Domain, type your organization’s domain name. In Company Name, enter your organization’s name.
Example: https://<mycompany>.webex.com/mw0306lc/mywebex/default.do?siteurl=<mycompany> &service=10
Example domain name: citrix.webex.com
Example company name: <mycompany>
Note: Domain Name and Company Name are case sensitive.
WebEx_SAML_SP
In URL, enter the web address used to log on to WebEx SAML.
URL: https://<companyname>.webex.com/dispatcher/SAML2AuthService?siteurl=<companyname>
This application requires the SAML certificate from App Controller. For more information about uploading the certificate to WebEx, see Single sign-on Configuration in the Cisco WebEx Administration Tool.
In the WebEx application, specify the IdP URL in SAML settings as https://appc-johndoe-151.agsag.com/samlsp/websso.doaction=authenticateUser&app=WebEx_SAML_SP&reqtype=1.
Webtrends
When you configure a Webtrends connector, you must enter the account name provided by Webtrends when you registered App Controller.
Account: <Account name>
Example Account name: mycompany
Note: Account is case sensitive.
URL: https://ondemand.webtrends.com/login.asp
Zendesk
In URL, enter the web address used to log on to Zendesk.
In Cookies Domain, type the domain name for Zendesk.
URL: https:// <Application FQDN>
Example URL: https://<mycompany>.zendesk.com
Example domain name: mycompany.zendesk.com