Citrix Receiver via accessing with 2fa not RSA radius server
Dear All We have a scenario where the user logs in via citrix receiver which is hosted via f5 , we have enabled AD auth through apm and all is working fine. But now we need to add 2fa .It is not RSA but a radius server. We did it for if the user logs in via web browser and everything is working fine.We tested it out . But when we do the same flow for if the user uses citrix receiver to access , then its giving wrong credentials. We gave in VPE Radius AUTH->AD auth and SSO and still its not working.if we put in the AD auth and then RADIUS AUTH , then the radius server doesn't get any hits.So we put as RADIUS AUTH then AD AUTH .it hits radius server and we can see radius is sending an accept-accept response as well but yet the credentials is not getting authenticated. We have been at it for a while now and its getting frustrating.I dnno what more to do.I tried using variable assign for username and password as well , so that its info is passed on for AD auth bu under event system access logs, it keeps giving pre authentication has failed. PLEASE LET ME KNOW WHAT TO DO . Thank you
Issue with Citrix Receiver iApp MFA and APM 13.1.0.1
I just upgraded APM from 12.1.2 HF2 to 13.1.0.1. One major reason was to allow users to add their VPN account into Citrix Receiver and log in through APM without having to use a webtop or go through endpoint inspection, etc. I tried using the Citrix 2.4.3 iApp template to get it to work, but I could only get a login box that provided a single password box (vs the additional passcode box needed for the 2fa). I was finally able to fix the issue but removing the logon page object from the access policy and use the Citrix Logon Prompt object along with setting it to use 2 factor authentication. Here's what it looks like: This works so well! I put in a ticket to see about having the iApp template updated, but I thought I'd pass it along to anyone that may need some help with it!
Citrix Receiver can I force the web interface first
I'm running the citrix iapp, latest version 2.4.2. The iapp creates a path for the receiver and web interface, I want to see if anyone knows how I can prevent direct access through the receiver. I want to be sure users go through the web interface first. I'm running DUO for 2 factor, works great but requires the web browser login. I know DUO works direct with Citrix and Citrix itself does multi-factor authentication but I want to do all I can to keep the process through DUO for consistency. I have a portal that includes citrix.
Configuring F5 with iApp and Storefront 3.x
Hello everyone, I would like your feedback and if possible the steps that are required to implemented a recent Citrix infrastructure (Storefront 3.0 + ) with F5 network equipment doing the load-balancing and mainly the Access Policy Manager (with iApp) ? We are struggling to implement it Our goals are: 1- Be in HTTPS from the Citrix Receiver to the F5 and to the Storefront 2 - Make sure that all traffic come and go through the F5 3 - Allow the Storefront to know the IP of the client machine with the Receiver and not having the IP of the F5 as client's IP 4 - Be able afterwards to implement SSO or other advanced features of the Receiver So far we have a F5 configured with the iApp, that is configured to forward the IP of the client to the Storefront but the Storefront keep seeing the IP of the F5 and not the client. The traffic is in HTTP between the F5 and the Storefront. But all traffic go through the F5. Our version of the Storefront is: 3.0.1.57 Thank you for your advices ! Let me know if you need more infoAccessing XenDesktop via APM, Citrix Desktop Viewer not displaying
Environment: BIG-IP 4200v, LTM 11.5.2 plain, with APM fully licensed We have integrated Citrix by adding a Remote Desktop for which the destination is a pool of Citrix XML brokers. That all works well in general. However, when users access a remote desktop via this approach, they report that they are not able to access the toolbar that has a Ctrl-Alt-Del button. When they access directly via a Citrix Web Storefront interface to the same application server, they are able to access the toolbar. I'm pretty convinced it has to be something in the ICA file delivered from the F5 that's different - but not completely sure. There are differences, if you compare the F5-delivered ICA and the WSF-delivered ICA ... but none are obviously involved. Based on articles online, I did add to the F5 Custom Parameters for the Citrix ICA the following: ConnectionBar=1 ShowDesktopViewer=On And I've confirmed those values are being added to the F5-delivered ICA, but it doesn't appear to have helped. Thoughts? Thx.
