cancel
Showing results for 
Search instead for 
Did you mean: 

External user client Citrix Receiver detection failing for Chrome and Firefox

Steve_Lyons
Legacy Employee
Legacy Employee

0691T000008te9eQAA.png0691T000008te9ZQAQ.png0691T000008tbphQAA.png I am currently deploying BIG-IP 15.1.0.2 in front in front of Citrix Storefront. This solution is designed for external users performing smart card authentication to APM with KCD to Storefront.

 

Authentication is functioning as expected though when using Chrome and Firefox, the browser detection function for the webhelper is failing. When investigating further, all traffic is using the external URL of withsf.itc.demo but when the detection portion occurs, it changes to the internal URL of srvsf.itc.demo.

 

I am not sure how to resolve that but am hoping Citrix can help with that. At this point I configured clients to point to BIG-IP DNS with a record of the internal URL to resolve to the same virtual server as my external. The issue now is that this traffic should be configured for clientless-mode but it is not supported when using On Demand Cert auth.

 

Steps:

 

  1. Client Authentication - Success
  2. Client Detection - Get Ticket
  3. Storefront Server Resonse: Ticket with postback URL using internal string. https://srvsf.itc.demo/Citrix/UDF_store/clientAssistant/reportDetectionStatus
  4. Client Post With Ticket to External URL: Form item: "ticket" = "CDT_a22bziPBrKTuBnaYsVmk7iLqKHpKKjlff3gaKw1ge!X_rJJyYFaFBTpt7FeQae6B"
  5. Server: Waiting (RequestURI https://withsf.itc.demo/Citrix/UDF_storeWeb/ClientAssistant/GetDetectionStatus)
  6. Client Post: https://srvsf.itc.demo/Citrix/UDF_store/clientAssistant/reportDetectionStatus HTML Form URL Encoded: application/x-www-form-urlencoded Form item: "ticket" = CDT_a22bziPBrKTuBnaYsVmk7iLqKHpKKjlff3gaKw1ge!X_rJJyYFaFBTpt7FeQae6B" Key: ticket Value: CDT_a22bziPBrKTuBnaYsVmk7iLqKHpKKjlff3gaKw1ge!X_rJJyYFaFBTpt7FeQae6B
  7. BIG-IP 302 - /vpn/index.html
  8. Client - Get /vpn/index.html
3 REPLIES 3

Line
Nimbostratus
Nimbostratus

Hi,

 

Were you able to solve this issue? How did you perform your redirection ?

I am struggling now to make my own works, this nevers works on Chrome, but it works on Firefox.

 

Best,

Line, I am not sure we have/had the same issue but I wrote the following article for the issue I was experiencing. I am still no Citrix expert but everything in my use case is working as expected now by using the settings in the article. If the article doesn't help resolve the issue for you, let me know and I can provide some more detail on the different troubleshooting methods I used.

 

https://devcentral.f5.com/s/articles/Smart-Card-Authentication-to-Citrix-Storefront-Using-F5-Access-Policy-Manager

Steve_Lyons
Legacy Employee
Legacy Employee

This issue was resolved by configuring Storefront and APM using the following DevCentral article.

 

https://devcentral.f5.com/s/articles/Smart-Card-Authentication-to-Citrix-Storefront-Using-F5-Access-Policy-Manager