Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

F5 APM - SAML Auth with Citrix Workspace App

dluzzi
Nimbostratus
Nimbostratus

‎22-Aug-2019 12:16

Hello,

 

I have configured SAML auth with AzureAD with APM and storefront web interface with no issues. Im wondering if anyone has tried getting the local receiver/workspace app to work? It looks like the local client now supports SAML auth coming from a netscaler, however not sure if APM can trigger the app to redirect it to Azure to login.

Labels:
0 Kudos
9 REPLIES 9

Dave_W
F5 Employee
F5 Employee

‎13-Sep-2019 12:38

Hello, I believe this depends client. So if the Workspace client supports SAML then it should work.

0 Kudos

dluzzi
Nimbostratus
Nimbostratus
In response to Dave_W

‎23-Sep-2019 08:32

I have tested with workspace app 1902, which does support SAML from citrix cloud/netscaler. I copied the settings from the web interface to receiver after the pre-check but it doesnt redirect to azure, just gets a normal login prompt.

0 Kudos

Dave_W
F5 Employee
F5 Employee
In response to dluzzi

‎24-Sep-2019 13:34

Hello, so do you mean the Workspace app or Receiver app or am I misunderstanding?

0 Kudos

dluzzi
Nimbostratus
Nimbostratus
In response to dluzzi

‎25-Sep-2019 13:15

Hi,

 

Sorry realized that last reply wasn't that clear. So here is the policy I'm trying:

0691T000005me3aQAA.png

So through the browser SAML works fine.

 

When connecting via workspace/receiver app tried both latest receiver version and latest workspace version and it fails just gives the apps login prompt for username and password. I do have a test cloud account was able to get it work through there with the same workspace/receiver app so im guessing there is more to it that APM would need to trigger the app to redirect to the SAML IP to login.

 

0 Kudos

Dave_W
F5 Employee
F5 Employee
In response to dluzzi

‎26-Sep-2019 08:06

Hi, as far as I can tell it should be supported. The SAML logging in APM is pretty good as far as useful errors. I would set the Access Policy logs to debug and see if you are getting an error.

0 Kudos

StevenL
Nimbostratus
Nimbostratus

‎26-Dec-2019 00:52

I'm currently having the same issue.

Has this been solved? If so, what's the solution?

0 Kudos

Dathi
Nimbostratus
Nimbostratus

‎16-Oct-2020 13:05

I am trying to get the SAML auth with ADFS(on prem) to storefront. My policy looks as below.

For some reason, upon entering my fqdn, it rightly gets authenticated on ADFS and then stops at the storefront logon page. Does not SSO into it.

 

Not sure what might be the issue. Could you think of anything ?

 

0691T000009j6KPQAY.png

0 Kudos

Niklas_Sävenstedt
Nimbostratus
Nimbostratus

‎02-Jun-2022 00:24

Hi

Did anyone solve this?

We're having almost the same setup. On prem farm with Storefront, behind F5 APM and ADFS as IDP, and Citrix FAS to support certificate logon.

Web access works flawlessly, and Citrix Workspace App with username/password also works, but we would like to have the same logon through ADFS and SAML with MFA for the Worksspace App, because of the risk of only using simple username/password domain logon from Internet.

I think the problem is in APM and that the policy doesn't trigger a redirect in the App, but I'm not sure.

I know Citrix doesn't support the solution with F5 APM, but have anyone managed to solve this?

Best regards, Niklas

0 Kudos

Clifford_Ainswo
F5 Employee
F5 Employee

‎25-Jul-2023 00:27

To save anyone else any frustration with this topic I had it confirmed as of July '23 (and not likely to change). Only the browser and not the Citrix client are supported with this method of authentication.

0 Kudos
Copyright © 2023 Khoros, LLC