Smart Card Authentication to Citrix StoreFront Using F5 Access Policy Manager

What my article does not include is the troubleshooting, network captures and more required to get this working. If you don't get this up and running right away and need to do packet captures with encrypted traffic, remember the two methods to do so. I personally find it easier to modify the SSL profile cipher string to support RSA only and use the private key in Wireshark but you can also use the RSA session secret using this solution article. https://support.f5.com/csp/article/K12783074

One other thing to note, under certain configuration circumstances Storefront will use its loopback IP to perform communication internally which I was not capturing because of my capture string was defining the BIG-P self IP and the routable Storefront IP.

In addition to this, if you are confused about the STA service, it was natively installed with the controller and required no configuration from me but I did have to define it in my access policy as a session variable.

If you are unsure who your F5 account team is, let me know and we can try to determine that so they can assist. If they are unable to do so, I still have my dev environment with this deployment functional so I may be able to provide more granular details if needed. Good luck and let me know how it goes.