-
Install and configure the Citrix Gateway appliance
-
Authentication and Authorization
-
Configure Citrix Gateway to use RADIUS and LDAP Authentication with Mobile Devices
-
Restrict access to Citrix Gateway for members of one Active Directory group
-
VPN configuration on a Citrix Gateway appliance
-
Integrate the Citrix Gateway plug-in with Citrix Workspace app
-
Maintaining and Monitoring the System
-
Integrate Citrix Gateway with Citrix products
-
Integrate Citrix Gateway with Citrix Virtual Apps and Desktops
-
Configure settings for your Citrix Endpoint Management Environment
-
Configure load balancing servers for Citrix Endpoint Management
-
Configure load balancing servers for Microsoft Exchange with Email Security Filtering
-
Configure Citrix Endpoint Management NetScaler Connector (XNC) ActiveSync Filtering
-
Allow Access from mobile devices with Citrix Mobile Productivity Apps
-
Configure domain and security token authentication for Citrix Endpoint Management
-
Configure client certificate or client certificate and domain authentication
-
-
Access Citrix Virtual Apps and Desktops resources with the Web Interface
-
Configuring Additional Web Interface Settings on Citrix Gateway
-
Configuring Access to Applications and Virtual Desktops in the Web Interface
-
Integrate Citrix Gateway with Citrix Virtual Apps and Desktops
-
Configuring Settings for Your Citrix Endpoint Management Environment
-
Configuring Load Balancing Servers for Citrix Endpoint Management
-
Configuring Load Balancing Servers for Microsoft Exchange with Email Security Filtering
-
Configuring Citrix Endpoint Management NetScaler Connector (XNC) ActiveSync Filtering
-
Allowing Access from Mobile Devices with Citrix Mobile Productivity Apps
-
Configuring Domain and Security Token Authentication for Citrix Endpoint Management
-
Configuring Client Certificate or Client Certificate and Domain Authentication
-
-
Citrix Gateway Enabled PCoIP Proxy Support for VMware Horizon View
-
Configure DTLS VPN virtual server using SSL VPN virtual server
-
Proxy Auto Configuration for Outbound Proxy support for Citrix Gateway
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已动态机器翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
This content has been machine translated dynamically.
This content has been machine translated dynamically.
This content has been machine translated dynamically.
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.
Este artigo foi traduzido automaticamente.
这篇文章已经过机器翻译.放弃
Translation failed!
Configure Citrix Gateway to use RADIUS and LDAP Authentication with Mobile/Tablet Devices
This section describes how to configure the Citrix Gateway appliance to use RADIUS authentication as primary and LDAP authentication as secondary with mobile/tablet devices.
The configuration demonstrated in the section still allows all other connections to use LDAP first and RADIUS second.
When you configure two-factor authentication on the Citrix Workspace app for use with mobile/tablet devices, you must add the RSA SecureID (RADIUS authentication) as the primary authentication. But when the users get the prompt for user name and Password, Passcode on Receiver they are putting LDAP first and RADIUS as second credentials. From an administrator point of view it is a different configuration as compared to a non-mobile configuration.
Complete the following procedure to configure the Citrix Gateway appliance to use RADIUS authentication as primary and LDAP authentication as secondary with mobile/tablet devices.
-
From the Configuration Utility, select Citrix Gateway > Policies > Authentication and create an authentication policy for LDAP and RSA for mobile devices and non-mobile devices. This is necessary to avoid a logic condition that can allow users to bypass the RADIUS authentication.
-
Enter LDAP Server details after clicking the Add option under the Servers tab for LDAP.
-
Create an LDAP policy for the mobile devices by choosing the required LDAP Server.
To bind this policy to only mobile devices, use the following expression:
`REQ.HTTP.HEADER User-Agent CONTAINS CitrixReceiver`
-
Click Expression Editor to create policy:
-
Create a RADIUS policy and RADIUS Server for the mobile devices.
- Navigate to the RADIUS option from Citrix Gateway > Policies > Authentication > RADIUS. Click Add under Server tab.
- Add the required details. The default port for RADIUS authentication is 1812.
- To bind this policy to only mobile devices, use the following expression:
-
Follow the same step to create an LDAP policy for non-mobile devices. To bind this policy to only non-mobile devices, use the following expression:
`REQ.HTTP.HEADER User-Agent NOTCONTAINS CitrixReceiver`
-
Create a RADIUS policy for non-mobile devices. To bind this policy to only non-mobile devices, use the following expression:
`REQ.HTTP.HEADER User-Agent NOTCONTAINS CitrixReceiver`
-
Go to the Properties of the Citrix Gateway Virtual Server and click the Authentication tab. On the Primary Authentication Policies, add the RSA_Mobile policy as top priority and the LDAP_NonMobile policy as secondary priority:
-
In the Secondary Authentication Policies, add the LDAP_Mobile policy as top priority, followed by the RSA_NonMobile policy as secondary priority:
The session policy must have the correct single sign-on Credential Index, that is, it must be the LDAP credentials. For mobile devices, the Credential Index under Session Profile > Client Experience must be set to Secondary which is LDAP.
Therefore you need two session policies, one for mobile devices and the other for non-mobile devices.
- For mobile devices, the session policy, and session profile appear as displayed in the following screenshot. To create session policy, navigate to the required virtual server and, click Edit, go to the policy section, and click + sign:
-
Choose the Session option from the menu.
-
Enter the desired Session Policy name and click + to create a profile. For mobile devices, the Credential Index under Session Profile > Client Experience must be set to Secondary which is LDAP.
- For non-mobile devices, follow the same steps. Credential Index under Session Profile > Client Experience must be set to Primary which is LDAP.
The expression must be changed to:
REQ.HTTP.HEADER User-Agent NOTCONTAINS CitrixReceiver
- To create profile for non-mobile user, click + sign.
-
The following figure displays the policies and profiles under the required virtual server.
-
Also on the StoreFront, under the Citrix Gateway configuration set to use “Logon Type” = “Domain and Security token”
Share
Share
In this article
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select Do Not Agree to exit.