- Configuring and Binding a Client Certificate Authentication Policy
- Configuring Two-Factor Client Certificate Authentication
- Configuring Smart Card Authentication
- Configuring a Common Access Card
You can configure NetScaler Gateway to use a cryptographic smart card to authenticate users.
To configure a smart card to work with NetScaler Gateway, you need to do the following:
After you create the client certificate, you can write the certificate, known as flash, onto the smart card. When you complete that step, you can test the smart card.
If you configure the Web Interface for smart card passthrough authentication, if either of the following conditions exist, single sign-on to the Web Interface fails:
You can use smart card authentication to streamline the logon process for your users while also enhancing the security of user access to your infrastructure. Access to the internal corporate network is protected by certificate-based two-factor authentication using public key infrastructure. Private keys are protected by hardware controls and never leave the smart card. Your users get the convenience of accessing their desktops and applications from a range of corporate devices using their smart cards and PINs.
You can use smart cards for user authentication through StoreFront to desktops and applications provided by XenDesktop and XenApp. Smart card users logging on to StoreFront can also access applications provided by App Controller. However, users must authenticate again to access App Controller web applications that use client certificate authentication.
For more information, see Use smart cards with StoreFront in the StoreFront documentation.
To prevent users from receiving the second PIN prompt, you have to change two settings:
After you configure the virtual server, bind one or more STA servers to the virtual server, as described in Configuring NetScaler Gateway Settings in Web Interface 5.3.
You might also want to test smart-card authentication.