Forum Discussion

dluzzi's avatar
dluzzi
Icon for Nimbostratus rankNimbostratus
Aug 22, 2019

F5 APM - SAML Auth with Citrix Workspace App

Hello,

 

I have configured SAML auth with AzureAD with APM and storefront web interface with no issues. Im wondering if anyone has tried getting the local receiver/workspace app to work? It looks like the local client now supports SAML auth coming from a netscaler, however not sure if APM can trigger the app to redirect it to Azure to login.

application delivery
BIG-IP Access Policy Manager (APM)
citrix
  • Clifford_Ainswo's avatar
    Clifford_Ainswo
    Icon for Employee rankEmployee
    Jul 25, 2023

    To save anyone else any frustration with this topic I had it confirmed as of July '23 (and not likely to change). Only the browser and not the Citrix client are supported with this method of authentication.

  • Dave_W's avatar
    Dave_W
    Icon for Employee rankEmployee
    Sep 13, 2019

    Hello, I believe this depends client. So if the Workspace client supports SAML then it should work.

    • dluzzi's avatar
      dluzzi
      Icon for Nimbostratus rankNimbostratus
      Sep 23, 2019

      I have tested with workspace app 1902, which does support SAML from citrix cloud/netscaler. I copied the settings from the web interface to receiver after the pre-check but it doesnt redirect to azure, just gets a normal login prompt.

      • Dave_W's avatar
        Dave_W
        Icon for Employee rankEmployee
        Sep 24, 2019

        Hello, so do you mean the Workspace app or Receiver app or am I misunderstanding?

  • StevenL's avatar
    StevenL
    Icon for Nimbostratus rankNimbostratus
    Dec 26, 2019

    I'm currently having the same issue.

    Has this been solved? If so, what's the solution?

  • Dathi's avatar
    Dathi
    Icon for Nimbostratus rankNimbostratus
    Oct 16, 2020

    I am trying to get the SAML auth with ADFS(on prem) to storefront. My policy looks as below.

    For some reason, upon entering my fqdn, it rightly gets authenticated on ADFS and then stops at the storefront logon page. Does not SSO into it.

     

    Not sure what might be the issue. Could you think of anything ?

     

  • Niklas_Sävenstedt's avatar
    Niklas_Sävenstedt
    Icon for Nimbostratus rankNimbostratus
    Jun 02, 2022

    Hi

    Did anyone solve this?

    We're having almost the same setup. On prem farm with Storefront, behind F5 APM and ADFS as IDP, and Citrix FAS to support certificate logon.

    Web access works flawlessly, and Citrix Workspace App with username/password also works, but we would like to have the same logon through ADFS and SAML with MFA for the Worksspace App, because of the risk of only using simple username/password domain logon from Internet.

    I think the problem is in APM and that the policy doesn't trigger a redirect in the App, but I'm not sure.

    I know Citrix doesn't support the solution with F5 APM, but have anyone managed to solve this?

    Best regards, Niklas