Forum Discussion

AndOs
Dec 03, 2012

Keep applications active after web interface logoff

Hi!

I'm trying to make a configuration with BIG-IP APM to replace two old Citrix Access Gateways for our Citrix farms.

I've made a setup using the iApp for XenApp, f5.citrix_xenapp_xendesktop.2012_06_27, which load balances and authenticates users to our XenApp 5.4 web interfaces.

We are using TMOS 11.2.0 and will not replace the web interface with webtop (basically do pass-through auth, if I understand this correctly).

One issue I immediately ran into was that the applications I start get disconnected when I log off the web interface and my APM session closes.

The setting "Logoff behavior: Log off all sessions" is unchecked in Citrix web interface.

If I start applications directly from the web interface servers, without going through the APM, the applications remain active when I log off.

Is there any way to get the applications to remain active even when the APM session closes, so that it mimics the behavior of the old gateways?

I've looked through the iApp deployment guide and also the settings in APM, but haven't found anything that seems to control this.

Thanks!

/Andreas


  • R_Marc

    I was given a similar requirement. The backend is 7.1X Citrix, which requires (according to AskF5) 13.1+. I was able to set up everything via an iApp, then replicate it without the iApp ('cause I hate iApps). The problem I faced is that the StoreFront JavaScript logged out after 20 minutes-ish and killed the APM session. The requirement I was given was to allow that timeout, but also to let active VDIs continue (they ride the same APM session).

    This is what I came up with, which works for me, YMMV:

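    when CLIENT_ACCEPTED {
        # Per-connection flag: set once a Logoff URI has been seen
        set citrix_logout 0
    }
    when HTTP_REQUEST {
        # Timeout (seconds) for entries in the "loggedout" subtable
        set hardlimit 86400
        set VDI_Logoff "/Citrix/yourstore/Authentication/Logoff"
        set storeWebName "/Citrix/yourstore/"

        if { [HTTP::uri] == $VDI_Logoff } {
            # StoreFront logoff: remember the cookie names so the response can
            # expire them, and mark this MRHSession as logged out for web
            # requests. The APM session itself is not removed, so VDI
            # sessions riding on it continue.
            set cookieNames [HTTP::cookie names]
            set MRHSession [HTTP::cookie value MRHSession]
            # table set <key> <value> <timeout>: the value "limit" is only a marker
            table set -subtable loggedout $MRHSession limit $hardlimit
            ACCESS::disable
            set clear_cookies 1
        } else {
            # Refuse any later web request that presents a logged-out MRHSession
            if { [table lookup -subtable "loggedout" [HTTP::cookie value MRHSession]] != "" } {
                # Note: this writes the session cookie value to the log
                log local0. "Rejecting MRHSession [HTTP::cookie value MRHSession]"
                reject
            }
        }
    }
    when HTTP_RESPONSE {
        if { [info exists clear_cookies] } {
            # Overwrite and expire every cookie the client sent with the logoff
            foreach aCookie $cookieNames {
                HTTP::cookie insert name $aCookie value 0
                # HTTP::cookie expires takes the cookie name before the seconds
                HTTP::cookie expires $aCookie 1
            }
            # Variables are connection-scoped: clear the flag so that later
            # responses on the same connection are left alone
            unset clear_cookies
        }
    }
    when ACCESS_ACL_ALLOWED {
        set type [ACCESS::session data get session.client.type]
        # Browser clients only; Citrix client types are left untouched
        if { !($type starts_with "citrix") } {
            set http_uri [HTTP::uri]
            if { $http_uri == "/" || ($citrix_logout eq 0 && $http_uri ends_with "login.aspx") } {
                # Send the browser to the store web site
                ACCESS::respond 302 Location "https://[HTTP::host]$storeWebName"
            } elseif { $http_uri contains "Logoff" } {
                set citrix_logout 1
            } elseif { $citrix_logout eq 1 && $http_uri ends_with "login.aspx" } {
                # login.aspx requested after a logoff: end the APM session
                set citrix_logout 0
                ACCESS::respond 200 content "Logged out\r\n" Connection close
                ACCESS::session remove
            } elseif { $http_uri ends_with "Disconnect" } {
                ACCESS::respond 200 content "Logged out\r\n" Connection close
                ACCESS::session remove
            }
        }
    }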
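
For monitoring the iRule above, the following added example (not part of R_Marc's post) counts its "Rejecting MRHSession" log lines per session, so that a cookie presented repeatedly after logoff stands out from a single browser retry. The `/var/log/ltm` line layout, the host name and the rule name `/Common/citrix_logoff` are assumptions, and the sample lines are constructed.

```python
import hashlib
import re
from collections import Counter

# Constructed sample in the usual /var/log/ltm layout. Host name, rule name
# (/Common/citrix_logoff) and cookie values are made up for this example.
SAMPLE_LTM_LOG = """\
Dec  3 10:15:01 bigip1 info tmm1[12011]: Rule /Common/citrix_logoff <HTTP_REQUEST>: Rejecting MRHSession 1f3a9c0de4b27a6655d0c1e2f3a4b5c6
Dec  3 10:15:02 bigip1 info tmm1[12011]: Rule /Common/citrix_logoff <HTTP_REQUEST>: Rejecting MRHSession 1f3a9c0de4b27a6655d0c1e2f3a4b5c6
Dec  3 10:15:09 bigip1 notice sshd[5021]: unrelated line
Dec  3 10:16:40 bigip1 info tmm[12011]: Rule /Common/citrix_logoff <HTTP_REQUEST>: Rejecting MRHSession 77aa00bb11cc22dd33ee44ff55667788
Dec  3 10:17:13 bigip1 info tmm1[12011]: Rule /Common/citrix_logoff <HTTP_REQUEST>: Rejecting MRHSession 1f3a9c0de4b27a6655d0c1e2f3a4b5c6
"""

# Matches the message written by the iRule's log statement in HTTP_REQUEST.
REJECT_RE = re.compile(
    r"Rule (?P<rule>\S+) <HTTP_REQUEST>: Rejecting MRHSession (?P<sid>\S+)\s*$"
)


def fingerprint(session_id):
    """Short SHA-256 prefix, so reports never carry the raw cookie value."""
    return hashlib.sha256(session_id.encode()).hexdigest()[:12]


def count_rejections(log_text):
    """Count reject lines per session fingerprint; other lines are ignored."""
    counts = Counter()
    for line in log_text.splitlines():
        match = REJECT_RE.search(line)
        if match:
            counts[fingerprint(match.group("sid"))] += 1
    return counts


def replayed_sessions(log_text, threshold=3):
    """Sessions whose logged-off cookie was presented at least `threshold` times."""
    counts = count_rejections(log_text)
    return {fp: n for fp, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for fp, n in replayed_sessions(SAMPLE_LTM_LOG).items():
        print(f"session {fp}: {n} requests after logoff")
```
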