Forum Discussion
F5 APM - SAML Auth with Citrix Workspace App
Hello,
I have configured SAML auth with AzureAD with APM and storefront web interface with no issues. Im wondering if anyone has tried getting the local receiver/workspace app to work? It looks like the local client now supports SAML auth coming from a netscaler, however not sure if APM can trigger the app to redirect it to Azure to login.
- Clifford_AinswoEmployee
To save anyone else any frustration with this topic I had it confirmed as of July '23 (and not likely to change). Only the browser and not the Citrix client are supported with this method of authentication.
- Niklas_SävenstedtNimbostratus
Hi
Did anyone solve this?
We're having almost the same setup. On prem farm with Storefront, behind F5 APM and ADFS as IDP, and Citrix FAS to support certificate logon.
Web access works flawlessly, and Citrix Workspace App with username/password also works, but we would like to have the same logon through ADFS and SAML with MFA for the Worksspace App, because of the risk of only using simple username/password domain logon from Internet.
I think the problem is in APM and that the policy doesn't trigger a redirect in the App, but I'm not sure.
I know Citrix doesn't support the solution with F5 APM, but have anyone managed to solve this?
Best regards, Niklas
- DathiNimbostratus
I am trying to get the SAML auth with ADFS(on prem) to storefront. My policy looks as below.
For some reason, upon entering my fqdn, it rightly gets authenticated on ADFS and then stops at the storefront logon page. Does not SSO into it.
Not sure what might be the issue. Could you think of anything ?
- StevenLNimbostratus
I'm currently having the same issue.
Has this been solved? If so, what's the solution?
- Dave_WEmployee
Hello, I believe this depends client. So if the Workspace client supports SAML then it should work.
- dluzziNimbostratus
I have tested with workspace app 1902, which does support SAML from citrix cloud/netscaler. I copied the settings from the web interface to receiver after the pre-check but it doesnt redirect to azure, just gets a normal login prompt.
- Dave_WEmployee
Hi, as far as I can tell it should be supported. The SAML logging in APM is pretty good as far as useful errors. I would set the Access Policy logs to debug and see if you are getting an error.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com