Does anyone have this working? I'm trying to get smart access policies to work with StoreFront 2.6 using the v2.2 of the citrix iApp...and every possible configuration I've tried does NOT work. I've followed the guide step by step.
F5 support has not responded to me for weeks.
I've verified this configuration works with Netscaler and the smart access also works from the same F5 device utilizing the webtop instead of storefront...I've also verified the variables are being set by APM...it's just not passing through to storefront...
It most definitely works. The issue is probably be in your configuration. After reviewing our currently-posted deployment guide, I realized that SmartAccess is not really highlighted there.
I'd like to ask you send me privately here the case number you have with support so that I can take a look into it and see what happened. I will also raise this internally to update our DG and documentation on support.f5.com as well.
For now, please look at this page:
Essentially, you need to configure your StoreFront the same as when you do with Netscaler - except you need to make sure that it points to the F5 device instead of Netscaler. You also need to remove the SSO profile from the configuration that the iApp creates, so let StoreFront authenticate user via native Access Gateway method.
One thing to validate on your Citrix Storefront servers. Goto the STORE that is configured w/ your F5 gateway. Click on Configure Store Settings. Click the Advanced Settings section. Locate: Require Token Consistency. This must be checked if you are using Smart Access, access control, access control filters in XenApp.
Hi. I was wondering if anyone can help me a bit on this. I ve configured smart access in the F5 APM along with a keyword, I removed SSO credentials and the SSO profile from my APM, but when I do a PCAP (tcpdump --f5 ssl) on F5 towards the backend StoreFront server and I decrypt SSL, I cannot find that keyword in the http or TLS payload in Wireshark. Am I not supposed to be able to see the keyword been sent to the Storefront servers? Do I need to logon to storefront first and then fire up an application? I thought APM gets complete once the F5 APM per session gets completed.