Forum Discussion

dluzzi
Nimbostratus
Aug 22, 2019

F5 APM - SAML Auth with Citrix Workspace App

Hello,

I have configured SAML auth with AzureAD with APM and StoreFront web interface with no issues. I'm wondering if anyone has tried getting the local Receiver/Workspace app to work? It looks like the local client now supports SAML auth coming from a NetScaler; however, I'm not sure if APM can trigger the app to redirect it to Azure to log in.

  • To save anyone else any frustration with this topic, I had it confirmed as of July '23 (and not likely to change): only the browser, and not the Citrix client, is supported with this method of authentication.

  • Hello, I believe this depends on the client. So if the Workspace client supports SAML then it should work.

    • dluzzi
      Nimbostratus

      I have tested with Workspace app 1902, which does support SAML from Citrix Cloud/NetScaler. I copied the settings from the web interface to Receiver after the pre-check, but it doesn't redirect to Azure; it just gets a normal login prompt.

      • Dave_W
        Employee

        Hello, so do you mean the Workspace app or Receiver app or am I misunderstanding?

  • I'm currently having the same issue.

    Has this been solved? If so, what's the solution?

  • Dathi
    Nimbostratus

    I am trying to get SAML auth with ADFS (on-prem) to StoreFront. My policy looks as below.

    For some reason, upon entering my FQDN, it rightly gets authenticated on ADFS and then stops at the StoreFront logon page. It does not SSO into it.

    Not sure what might be the issue. Could you think of anything?

  • Hi

    Did anyone solve this?

    We're having almost the same setup: an on-prem farm with StoreFront, behind F5 APM and ADFS as IdP, and Citrix FAS to support certificate logon.

    Web access works flawlessly, and Citrix Workspace App with username/password also works, but we would like to have the same logon through ADFS and SAML with MFA for the Workspace App, because of the risk of only using simple username/password domain logon from the Internet.

    I think the problem is in APM and that the policy doesn't trigger a redirect in the App, but I'm not sure.

    I know Citrix doesn't support the solution with F5 APM, but has anyone managed to solve this?

    Best regards, Niklas