Configuring Smart Card Access with the Web Interface

When you configure the Web Interface to use smart card authentication, you can configure the following deployment scenarios in order to integrate NetScaler Gateway, depending on how users log on:

  • If users log on directly to the Web Interface by using Citrix Receiver and smart card authentication, the Web Interface must be parallel to NetScaler Gateway in the DMZ. The server running the Web Interface must also be a domain member.

    In this scenario, both NetScaler Gateway and the Web Interface perform SSL termination. The Web Interface terminates secure HTTP traffic including user authentication, the display of published applications, and the starting of published applications. NetScaler Gateway terminates SSL for incoming ICA connections.

  • If users log on with the NetScaler Gateway Plug-in, NetScaler Gateway performs the initial authentication. When NetScaler Gateway establishes the VPN tunnel, users can log on to the Web Interface by using the smart card. In this scenario, you can install the Web Interface behind NetScaler Gateway in the DMZ or in the secure network.

Note: NetScaler Gateway can also use the smart card for authentication by using a client certificate.

For more information, see Configuring Smart Card Authentication

Configuring Smart Card Access with the Web Interface