Forum Discussion

Rob_Young's avatar
Rob_Young
Icon for Altostratus rankAltostratus
Jan 18, 2022

Citrix access using SAML

Is it possible to perfom SSO into CItrix when AZURE SAML to authenitcate to the F5. All the docs, guides or bits and pieces I have found that reference passwordless envolves using smartcard.   I...
BIG-IP Access Policy Manager (APM)
citrix
cloud
saml
security
Nikoolayy1's avatar
Nikoolayy1
Icon for MVP rankMVP

So Azure AD is your SAML IdP and the F5 is your SAML SP and you want the Citrix Storefront to be another SAML SP of Azure AD?

 

If the F5 and Citrix are SP on the same SAML IdP Azure AD this should work but if you want the F5 to use username/password for SSO then reserch how Azure AD can return the SAML username and password to to the F5 SAML SP as saml attributes in the assertion so it can use it to SSO in the Citrix if that is possible.  Still I do not know if the userame and password can be inserted by the Azure AD as F5 IdP supports this but for Azure you have to check.

 

https://community.f5.com/t5/technical-forum/using-saml-for-login-vs-f5-login-page-but-need-the-password-for/td-p/92681

 

https://community.f5.com/t5/technical-forum/saml-auth-with-logon-page/td-p/90217

 

https://community.f5.com/t5/technical-forum/saml-apm-as-service-provider-sp-role-is-it-possible-to-do-sso/td-p/128301

Rob_Young's avatar
Rob_Young
Icon for Altostratus rankAltostratus
Jan 26, 2022

Thanks for the info.  To clarify, I do not wish to continue using username and pass.  We are testing AzureAD as our IDP and the F5 as the SP (which is working) but we are having issues authenticating to our Citrix storefront.  You cannot pass the password from AzureAD as a SAML attribute ( and I would never want to hand around a pw in a SAML attribute anyways)

I would think that I would have to do a Kerb or another SAML which I have tried but I cannot seem to get this to work.  Looking for someone who has this working in their environment.