Product Documentation

Authenticating Users

Authenticating users is the first step of the user connection process in a double-hop DMZ deployment. The following figure shows the user connection process in this deployment.

Figure 1. Communication flow for user authentication in a double-hop DMZ

User authentication process in a double-hop DMZ

During the user authentication stage, the following basic process occurs:

  1. A user types the address of NetScaler Gateway, such as https://www.ng.wxyco.com in a web browser to connect to NetScaler Gateway in the first DMZ. If you enabled logon page authentication on NetScaler Gateway, NetScaler Gateway authenticates the user.
  2. NetScaler Gateway in the first DMZ receives the request.
  3. NetScaler Gateway redirects the web browser connection to the Web Interface.
  4. The Web Interface sends the user credentials to the Citrix XML Service running in the server farm in the internal network.
  5. The Citrix XML Service authenticates the user.
  6. The XML Service creates a list of the published applications that the user is authorized to access and sends this list to the Web Interface.

If you enable authentication on NetScaler Gateway, the appliance sends the NetScaler Gateway logon page to the user. The user enters authentication credentials on the logon page and the appliance authenticates the user. NetScaler Gateway then returns the user credentials to the Web Interface.

If you do not enable authentication, NetScaler Gateway does not perform authentication. The appliance connects to the Web Interface, retrieves the Web Interface logon page, and sends the Web Interface logon page to the user. The user enters authentication credentials on the Web Interface logon page and NetScaler Gateway passes the user credentials back to the Web Interface.

Authenticating Users

In this article