Forum Discussion

Kai_M__48813's avatar
May 02, 2018

get AD password using AD query

hi,

 

im currently working on a apm setup, where the customer has different 2FA's depending on group membership. Im struggling to get SSO to work on one of them, as they only validate using username+token. Is there a way to use AD query to get the password, populate a variable assign, and use this for SSO?

 

  • Hello,

     

    Another solution is to use saml. As you know Citrix xenapp and xendesktop support SAML.

     

    You can create an IDP hosted on your Equipement with wanted authentification regarding User rights (User + token). And bind this IDP with Citrix...

     

    but as you specified Stanislas, you can't retrieve password in your directory and it's not a reliable solution (in terms of security and maintenance)...

     

    Regards

     

  • Hopefully, Active Directory doesn't allow another system to retrieve AD Password!

     

    If the user doesn't provide AD Password, the only solution is to use Kerberos SSO which doesn't require AD password to work.