Citrix Federated Authentication Service Integration with APM

Introduction This guide will cover how to use APM as the access gateway in front of Storefront when using Citrix FAS. This will enable you to leverage authentication methods like SAML, Kerberos, o...
Published Dec 19, 2016
Version 1.0
access gateway
application delivery
BIG-IP
BIG-IP Access Policy Manager (APM)
citrix
federated authentication service
kerberos
saml
security
Manuel_Cristob2's avatar
Manuel_Cristob2
Icon for Nimbostratus rankNimbostratus
Feb 09, 2018

Hi Graham,

 

I have a need to authenticate users already federated (with a saml token) form O365 as SP and WAP/ADFS as the IDP before they reach the Citrix Storefront environment.

 

When the user clicks on the citrix/storefrom link in Sharepoint desktop, the user is sent to the F5 APM as the SAML SP for Citrix which relays on the same WAP/ADFS( originally sent saml response for o365 for the same user) as the F5's SAML idp. question : When the http request arrives to the F5 as saml SP for the SharePoint/Citrix, can we extract the original SAMl token assigned by ADFS as the idp for o365 and use it to generate the SAMl request to the the same ADFS/WAP idp that authenticated this user (from the 0365 SP)?

 

Hope I am clear

 

thanks Manuel