Forum Discussion
SSO doesn't work with Citrix deployed on BIG-IP
Hi guys,
We would like to use our F5 (LTM&APM fully licensed) instead of Netscaler Gateway for access to our Citrix Farm therefore we have recently deployed the newest iApp (f5.citrix_vdi.v2.3.0) to get this configured and I can see some issues with single sign-on already.
I can get to the F5 website (Virtual Server - DNS record created) and log-in successfully with my AD credentials but then it will take me to one of our website hosted on our Citrix WI server (Web Interface) which will ask me to log-in again. Providing the same set of credentials I can log in and access all the resources just fine.
It looks like the SSO does not work - not passing on my credentials from F5 website to Citrix Web Interface.
What am I missing here?
Has anyone seen this before?
Thanks,
- JinshuCirrus
Hi mate,
Verify that you are passing the credentials to the citrix farm. If not, you can do it by session variables.
Also please make sure that you have enabled auto log-in in the citrix desktop. Navigate to
Access Policy ›› Application Access : Remote Desktops : Remote Desktops ›› Citrix__apm_remote_desktop_1
Select Autologin and give the session variables there.
Auto Logon -> Enable Broker Authentication > Password Based Username Source > session.logon.last.username Password Source > session.logon.last.password
and update it.
Please let me know if you need any more information.
-Jinshu
- JinshuCirrus
Okay. This is because you are not using F5 APM Webtop to replace the Citrix storefront servers,isnt it?
- Can you give the veriables you have given in the access policy?
- Can you check in the Citrix storefront logs, what's the error message while you are authenticating with AD on F5 APM?
-Jinshu
- JinshuCirrus
If username doesn't append the domain name, then the variable we have used might need to modify. But however you will get an authentication error on the Citrix web if F5 APM pass the credentials. Are you able to see any logon attempt on Citrix Web server?
-Jinshu
- JinshuCirrus
So your authentication issue solved, right?
If the icons are not responding, It seems the ICA tunnel is not getting established. Are you seeing any errors in APM or Citrix?
-Jinshu
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com