For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

JRahm's avatar
JRahm
Icon for Admin rankAdmin
Aug 07, 2014

APM VDI support for other thin clients?

(posting on behalf of client)   Hi all,   I know that as of 11.4, Wyse Xenith clients are supported. I am wondering if anyone has had success configuring another Wyse thin client (the device is...
BIG-IP Access Policy Manager (APM)
citrix
security
virtualization
BriannonotthatB's avatar
BriannonotthatB
Icon for Nimbostratus rankNimbostratus
Aug 21, 2014

I found out that the solution to the above question is actually included in the VDI 1.1.0 iApp deployment guide. On page 31/55 the section with "Users with certain mobile clients (iOS/Android) are having authentication issues after deploying the iApp and selecting to use BIG-IP APM with Web Interface or StoreFront servers" contains the fix. In short, remove the Storefront URI Redirect from the Access Policy, then add an iRule as follows to the virtual server:

when ACCESS_ACL_ALLOWED {
    set type [ACCESS::session data get session.client.type]
    if { !($type starts_with "citrix") } {
        if { [HTTP::uri] == "/" } {
        log local0. "Redirecting to Web..."
        ACCESS::respond 302 Location "https://[HTTP::host]/Citrix/web/"
        }
    }
}

This is confirmed to work in Wyse thin clients as well as Android/iOS Receiver clients as mentioned in the guide. The wnos.ini file on the Wyse clients needs to contain a line similar to this as well:

PnliteServer=https://apmserver.domainname.com CAGAuthMethod=LDAP