Product Documentation

Authenticating Users

Authenticating users is the first step of the user connection process in a double-hop DMZ deployment. The following figure shows the user connection process in this deployment.

Figure 1. Communication flow for user authentication in a double-hop DMZ

User authentication process in a double-hop DMZ

During the user authentication stage, the following basic process occurs:

  1. A user types the address of Citrix Gateway, such as https://www.ng.wxyco.com in a web browser to connect to Citrix Gateway in the first DMZ. If you enabled logon page authentication on Citrix Gateway, Citrix Gateway authenticates the user.
  2. Citrix Gateway in the first DMZ receives the request.
  3. Citrix Gateway redirects the web browser connection to the Web Interface.
  4. The Web Interface sends the user credentials to the Citrix XML Service running in the server farm in the internal network.
  5. The Citrix XML Service authenticates the user.
  6. The XML Service creates a list of the published applications that the user is authorized to access and sends this list to the Web Interface.

If you enable authentication on Citrix Gateway, the appliance sends the Citrix Gateway logon page to the user. The user enters authentication credentials on the logon page and the appliance authenticates the user. Citrix Gateway then returns the user credentials to the Web Interface.

If you do not enable authentication, Citrix Gateway does not perform authentication. The appliance connects to the Web Interface, retrieves the Web Interface logon page, and sends the Web Interface logon page to the user. The user enters authentication credentials on the Web Interface logon page and Citrix Gateway passes the user credentials back to the Web Interface.

Authenticating Users

In this article