xenapp
12 TopicsTwo-factor authentication for Citrix Receiver for Windows
I have deployed F5 APM with two-factor authentication. APM is currently replacing the Web Interface / Storefront servers. Two-factor authentication is confirmed working for the Webtop, Citrix Receiver for Mac, Citrix Receiver for iOS and Citrix Receiver for Android. My issue is that Citrix Receiver for Windows doesn't appear to have the necessary options to select the Logon type of "Security token only" or "Domain and security token" like the Receiver for other OS's do. I suspect that Citrix Receiver for Windows requires some kind of configuration push from the server (which in my case is APM). Has anyone else experienced this issue or have any ideas?2KViews0likes32Commentshow do I resolve a 403 - Forbidden: Access is denied. on my Citrix loading page
I am using Xenapp 6.5 with Web Interface 5.4 its a very basic setup. When I try to open by Web Interface page, I am getting the 403 error. I have tried giving all the appropriate rights to the folders. i reinstalled asp.net and rebooted. This is a windows 2008 R2 server. IIS 7.5. I am at my wits end. i have spent hours troubleshooting this. The APP pool identity that the web interface runs under is Network Service. Any help would be appreciated.Solved1.1KViews0likes3CommentsCitrix VDI iApp template
Problem this snippet solves: You can use this F5 supported iApp template to configure availability and Secure ICA proxy remote access for Citrix XenApp or XenDesktop environments. This iApp template configures BIG-IP LTM, APM, and AFM for XenApp or XenDesktop services. When used with BIG-IP APM, this iApp template supports proxy authentication and secure remote access for all XenApp and XenDesktop HTTP-based protocols without requiring a VPN client. The iApp template includes the ability to configure BIG-IP APM for two factor authentication with RSA SecurID, and supports smart card authentication. The link below takes you to the official AskF5 SOL for Citrix VDI with instructions on downloading and using the iApp template. For the Deployment Guide, see http://www.f5.com/pdf/deployment-guides/citrix-vdi-iapp-dg.pdf Code : https://support.f5.com/kb/en-us/solutions/public/13000/700/sol13738.html641Views0likes0CommentsCitrix XenApp 5.0 Implementation Tips
I recently had the pleasure of working on a Citrix 5.0 implementation and I wanted to share a few things that I learned during that setup. As many of you know, there are two deployment guides that have been made available by F5 Networks in regards to setting up Citrix Presentation Server 4.5 in TMOS versions 9.x and 10.x. They are excellent guides and the best thing about them is that you can utilize those guides to assist you in deploying Citrix XenApp 5.0, with a few exceptions of course. Those exceptions are what I will be covering in this tech tip. Both of the previously mentioned deployment guides discuss editing files on the Citrix farms Web Interface servers so that it looks for the client IP address in the X-Forwarded-For HTTP header. Otherwise, every connection will appear to be originating from the BIG-IP LTM and not from its true IP. After reading both guides and looking at my current environment I was dismayed to find that the files and locations mentioned were no longer valid. I then turned to my top three resources on the web in the search for an answer: AskF5, DevCentral and Google. I struck out on the first two (which seldom happens) but my Google search did turn up some interesting results on the Citrix Forums. I finally found some code posted by Sam Jacobs back in August 2009 that modifies the way the Citrix farm looks up the client IP address. His method allows for the use of the X-Forwarded-For header. The first file that you will want to find and edit is the Include.java file. You will want to locate and change this file on every Web Interface XenApp server in the farm. Speaking from experience, save a copy of the original file to a safe location such as your desktop or flash drive. DO NOT copy the file and rename the original to Include.old and leave it on the server. It may sound crazy, but doing that will not work. I’m not a programmer, so I cannot tell you why that will not work, but I can tell you I know for a fact it will not. That being said, here is the file path for the Include.java file: “\Inetpub\wwwroot\Citrix\XenApp\app_code\PagesJava\com\citrix\wi\pageutils\Include.java” Now that you have found the file, open it up with a text editor (I use Textpad) and find the Java routine named “getClientAddress”. Replace the code for that routine with the code listed below. public static String getClientAddress(WIContext wiContext) { String ageClientAddress = AGEUtilities.getAGEClientIPAddress(wiContext); String userIPAddress = wiContext.getWebAbstraction().getRequestHeader("X-FORWARDED-FOR"); if (userIPAddress == null) { userIPAddress = wiContext.getWebAbstraction().getUserHostAddress(); } return (ageClientAddress != null ? ageClientAddress : userIPAddress); } Save the file and wash/rinse/repeat this step on every Web Interface server in the farm. The next thing that you will want to do is to modify the login page so that it displays the client IP address being obtained from the X-Forwarded-For header. The file you will want to edit is called “loginView.ascx” and can be found in the following file path on your Web Interface Servers: ”\inetpub\wwwroot\Citrix\XenApp\app_data\include\loginView.ascx” The code you will want to add is: Client IP: <%= com.citrix.wi.pageutils.Include.getClientAddress(wiContext) %> I added the code directly below the LoginPageControl viewControl line and it works well for me. Save the file and repeat this step on every Web Interface server in the farm and reboot each Web Interface Server after you are done. That’s it! Well, you do have to complete the other setup steps listed in the deployment guide that you are using, but after that your farm will be ready for business! I am aiming to develop some custom monitors for the Web Interface Server and for the XML Broker Servers over the next few weeks. Once I have those done I will put them out in the forums for the community enjoy. -naladar576Views0likes6CommentsCitrix Xenapp 6.5 Server with CSG - HTTP 400 Bad Request error
I have 1 Xenapp 6.5 server: On this server I have Web Interface, Secure Gateway and its my STA server as well. I have IIS set to SSL port 444 and my CSG is set to 443. I can telnet to my host https://cloud.rainiertitle.com on port 1494 and 2598 - I have disabled session reliability for this troubleshooting. My STA is generating no errors. IIS is giving no errors. This is driving me crazy. I can access everything internally, but I get the HTTP 400 Bad Request when I try to access my site externally. My DNS is working correctly. Everything resolves fine. I ran Fiddler to try to trace my https traffic and I received this error: HTTP/1.1 400 Bad request Date: Fri, 08 Aug 2014 15:35:44 GMT Server: Citrix Web PN Server Content-Length: 0 Connection: close Content-Type: text/plain Any ideas?499Views0likes5CommentsCitrix XenApp and XenDesktop
More and more organizations are using the BIG-IP system to secure, optimize, and scale their Citrix XenApp/XenDesktop deployments. Since the days when these applications were known as MetaFrame, F5 has been testing and tuning the BIG-IP system for Citrix implementations, and detailing the procedures first in our deployment guides, and now in our iApp templates for Citrix as well. Not only can the BIG-IP system act as a replacement for the Citrix Web Interface servers, but it can securely proxy Citrix ICA traffic using TCP optimization profiles which increase overall network performance for your application. You also have the option to configure the BIG-IP APM with smart card authentication or with two factor authentication using RSA SecurID. The following simple, logical configuration example shows one of the ways you can configure the BIG-IP system for Citrix Xen deployments. In this example, the BIG-IP APM Dynamic Presentation Webtop functionality is used to eliminate the need for the Citrix Web Interface StoreFront server tier. With BIG-IP APM, a front-end virtual server is created to provide security, compliance and control. The iApp template configures the APM using Secure ICA Proxy mode. In secure ICA proxy mode, no F5 BIG-IP APM client is required for network access. The BIG-IP system uses SSL on the public (non-secure) network and ICA to the servers on local (secure) network. See the deployment guide for more information. Seehttps://devcentral.f5.com/s/articles/citrix-vdi-iapp-templatefor information on using the iApp template to configure the BIG-IP system for Citrix. See https://f5.com/solutions/deployment-guidesto find the appropriate deployment guide for quickly and accurately configuring the BIG-IP system for Citrix XenApp/XenDesktop. If you have any feedback on these or other F5 guides or iApp templates, leave it in the comment section below or email us at solutionsfeedback@f5.com. We use your feedback to help shape our new iApps and deployment guides.433Views0likes2CommentsCitrix Desktop via APM - APM fails accessing XenApp on :2598, doesn't try :1494 ...?
Config: firmware 11.5.2, Big-IP 4200v, accessing XenApp server on Win2012, running Xenapp version... 7.1, i think We have an APM webtop configged to replace the Citrix Storefront, by virtue of a remote desktop resource. That's all working correctly, the broker is being accessed cleanly, and the apps permitted the user are being displayed. But we discovered we have one Citrix server that isn't listening on port 2598 (the CGPAddress from the ICA file). When we run a desktop allocated to that server via the Citrix Storefront, a capture shows that the Receiver app first tries server:2598, but gets a RST back - and moves on to use :1494, and everything works fine. When we access the same desktop over APM, a tcpdump shows that the F5 attempts server:2598 ... then stops, after receiving an RST back. Other Xenapp desktops and apps launched via APM run fine - because the XenApp server they're running on are all correctly listening on :2598 (I've verified numerous of them via tcpdump, and the APM is always using :2598). Of course we can get the one server fixed, so it IS listening on its CGPAddress:port ... but why isn't APM going on to try :1494 if unsuccessful on :2598? Is there any configuration option to make it do so? Thx!426Views0likes5CommentsCitrix XenApp Secure Access Deployment
Problem this snippet solves: With the combination of BIG-IP Access Policy Manager (APM) and Citrix ""XenApp"", organizations can deliver a complete remote access solution that allows for scalability, security, compliance and flexibility. The following iRule provides the functionality for a secure proxy connection from various Citrix clients (PN Agent, Dazzle, Receiver and Web Browser) without the need for additional clients installed on the devices. How to use this snippet: Deployment Guide: https://f5.com/solutions/deployment-guides/citrix-xenapp-or-xendesktop-release-candidate-big Code : rule APM_Citrix { when RULE_INIT { set tmm_apm_pnagent_url "/Citrix/PNAgent/config.xml" } when CLIENT_ACCEPTED { TCP::collect 7 } when CLIENT_DATA { # Disable SSL if it's HTTP CONNECT request if { [TCP::payload 7] equals "CONNECT" } { SSL::disable } TCP::release } when HTTP_REQUEST { set tmm_apm_host [HTTP::host] set tmm_apm_uri_path [HTTP::path] set tmm_apm_user_agent [HTTP::header "User-Agent"] set tmm_apm_http_method [HTTP::method] set tmm_apm_session_id "" set tmm_apm_citrix_receiver 0 set tmm_apm_citrix_pnagent 0 set tmm_apm_citrix_ica_patching 0 set tmm_apm_vip "$tmm_apm_host:[TCP::local_port clientside]" log -noname accesscontrol.local1.debug "01490000:3: Request [HTTP::request]" if { [HTTP::cookie exists "MRHSession"] } { set tmm_apm_session_id [HTTP::cookie "MRHSession"] } if { $tmm_apm_user_agent contains "CitrixReceiver" } { set tmm_apm_citrix_receiver 1 } elseif { $tmm_apm_user_agent contains "PNAMAIN" or $tmm_apm_user_agent contains "Dazzle" } { set tmm_apm_citrix_pnagent 1 } if { $tmm_apm_http_method equals "CONNECT" } { # Handle the secure proxy connect requests. Return a Proxy-Authenticate header # field with a challenge if the user is not authenticated. if { ![HTTP::header exists "Proxy-Authorization"] } { HTTP::respond 407 Proxy-Authenticate "Basic realm=\"123\"" return } set authstr [lindex [ split [HTTP::header "Proxy-Authorization"] " " ] 1 ] # Seems like the Citrix base64 encoding logic has a bug that terminates # the input string with a null byte when the extra padding characters are # added. We remove the extra null character before we decode it. set remainder [lindex [split [expr [string length $authstr] / 4.0 ] "." ] 1] if { $remainder != "0" } { if { [regsub -all {(A=)} $authstr = newstring] > 0 } { set authstr $newstring } } #Decoded string format: 52553eb5b18572cdbe7dda4a8220bf35:172.30.6.197-1494 set apm_session [ lindex [ split [b64decode $authstr] ":" ] 0 ] if { ![ACCESS::session exists $apm_session] } { HTTP::respond 407 Proxy-Authenticate "Basic realm=\"123\"" return } # User is authenticated, send the traffic to the connect proxy virtual. log -noname accesscontrol.local1.notice "01490000:3: Request for citrix resource received from session: $apm_session" ACCESS::disable use virtual citrix_connect_proxy } if { ($tmm_apm_session_id == "") && ($tmm_apm_citrix_pnagent == 1) } { if { $tmm_apm_uri_path equals $::tmm_apm_pnagent_url } { ACCESS::disable return } # If the client is PNAgent or Dazzle, extract the credentials from the # payload and insert them in HTTP headers. HTTP::header insert "clientless-mode" 1 HTTP::header insert "username" "" HTTP::header insert "password" "" if { ![info exists tmm_apm_citrix_username] && [HTTP::header exists Content-Length] } { HTTP::collect [HTTP::header Content-Length] } } if { $tmm_apm_citrix_receiver == 1 } { # Collect the user credentials and set ready for access policy validation if { $tmm_apm_uri_path equals "/cgi/login" } { HTTP::header insert "clientless-mode" 1 HTTP::header insert "username" "" HTTP::header insert "password" "" HTTP::cookie remove MRHSession HTTP::collect [HTTP::header Content-Length] } elseif { $tmm_apm_uri_path equals "/ipad" } { set AD_only "citrixreceiver://createprofile/?s=$tmm_apm_host&pname=Profile-$tmm_apm_host&gw=1&gwt=2&gwa=1" set RSA_only "citrixreceiver://createprofile/?s=$tmm_apm_host&pname=Profile-$tmm_apm_host&gw=1&gwt=2&gwa=2" set AD_RSA "citrixreceiver://createprofile/?s=$tmm_apm_host&pname=Profile-$tmm_apm_host&gw=1&gwt=2&gwa=3" HTTP::respond 200 content "<html><h2><a href=\"$AD_only\">Click here for domain only auth</a><a href=\"$RSA_only\">Click here for RSA only</a><a href=\"$AD_RSA\">Click here for Two-factor auth</a></h2></html>" } } } when HTTP_REQUEST_DATA { if { ($tmm_apm_citrix_pnagent != 1) && ($tmm_apm_citrix_receiver != 1) } { return } set payload [HTTP::payload] if { $tmm_apm_citrix_receiver == 1 } { # Parse the user credentials from the payload log -noname accesscontrol.local1.debug "01490000:3: Parsing credentials for Citrix receiver" set tmm_apm_citrix_username "" set tmm_apm_citrix_password "" set tmm_apm_citrix_password1 "" set urlvars [ split $payload "&" ] foreach {u} $urlvars { set param [ lindex [ split $u "=" ] 0 ] set value [ lindex [ split $u "=" ] 1 ] if { $param equals "login" } { set tmm_apm_citrix_username $value } elseif { $param equals "passwd" } { set tmm_apm_citrix_password $value } elseif { $param equals "passwd1" } { set tmm_apm_citrix_password1 $value } } # Insert the parsed credentials into the HTTP request as headers HTTP::header replace "username" $tmm_apm_citrix_username HTTP::header replace "password" $tmm_apm_citrix_password HTTP::release } elseif { $tmm_apm_citrix_pnagent == 1 } { # Parse the user credentials from the payload log -noname accesscontrol.local1.debug "01490000:3: Parsing credentials for Citrix PNAgent" set tmm_apm_citrix_username "" set tmm_apm_citrix_password "" if { [regexp -nocase {<username>([^<]+)</username>} $payload dummy tmm_apm_citrix_username] == 0 } { log -noname accesscontrol.local1.error "01490000:3: $tmm_apm_session_id: Username not found in the PNAgent POST body" return } if { [regexp -nocase {<password[^>]+>([^<]+)</password>} $payload dummy tmm_apm_citrix_password] == 0 } { log -noname accesscontrol.local1.error "01490000:3: $tmm_apm_session_id: Password not found in the PNAgent POST body" return } # Decode the password binary scan $tmm_apm_citrix_password c* pass set len [llength $pass] set result {} for { set i 0 } { $i < $len } { incr i } { set hi [lindex $pass $i] set hi [ expr { $hi - 0x41 } ] set hi [ expr { $hi << 4 } ] incr i set lo [lindex $pass $i] set lo [ expr { $lo - 0x41 } ] set char [ binary format c [expr {$hi + $lo}] ] append result $char } binary scan $result H* pass binary scan $result c* pass set len [llength $pass] set result {} set first [lindex $pass 0] set char [ binary format c [expr { $first ^ 0xA5 } ] ] append result $char for { set i 1 } { $i < $len } { incr i } { set prev [ lindex $pass [expr {$i-1}] ] set curr [ lindex $pass $i ] set char [ binary format c [ expr {$curr ^ $prev ^ 0xA5} ] ] append result $char } binary scan $result H* pass set tmm_apm_citrix_password [ regsub -all {\000} $result {} ] # Insert the parsed credentials into the HTTP request as headers HTTP::header replace "username" $tmm_apm_citrix_username HTTP::header replace "password" $tmm_apm_citrix_password HTTP::release } } when HTTP_RESPONSE { if { [HTTP::header Content-Type] contains "application/x-ica" } { set tmm_apm_citrix_ica_patching 1 HTTP::collect [HTTP::header Content-Length] } } when HTTP_RESPONSE_DATA { # ICA patching: if { $tmm_apm_citrix_ica_patching == 1 } { # ICA file patching: Add entries to point citrix clients to the # Citrix ICA patching virtual as their HTTP proxy. It also sets # the ProxyUsername to the APM session id to let the Citrix clients # to connect to the proxy without requesting the user to authenticate # again. log -noname accesscontrol.local1.debug "01490000:3: ICA file patching" set payload [HTTP::payload] set payload [ regsub -all {Proxy[^\n]+\n} $payload {} ] set payload [ regsub {DoNotUseDefaultCSL[^\n]+\n} $payload {} ] if { $tmm_apm_citrix_receiver == 1 } { set payload [ regsub {CGPAddress[^\n]+\n} $payload {} ] } regexp -line {Address=(.+)} $payload dummy CtxAddrPort set CtxAddr [lindex [split $CtxAddrPort ":"] 0] set CtxPort [lindex [split $CtxAddrPort ":"] 1] regexp -line {CGPAddress=(.+)} $payload dummy CGPAddrPort if { [info exists CGPAddrPort] } { set CtxPort [lindex [split $CGPAddrPort ":"] 1] } set payload [ regsub {\[WFClient\]} $payload "&\r\nProxyType=Secure\r\nProxyHost=$tmm_apm_vip\r\nProxyUsername=$tmm_apm_session_id\r\nProxyPassword=$CtxAddr-$CtxPort" ] set payload [ regsub {SSLEnable[^\n]+\n} $payload "SSLEnable=On\r\n" ] set payload [ regsub {Address[^\n]+\n} $payload "Address=$tmm_apm_host\r\n" ] HTTP::respond 200 content $payload Content-Type [HTTP::header Content-Type] } } when ACCESS_SESSION_STARTED { if { ($tmm_apm_citrix_receiver == 0) or ![info exists tmm_apm_citrix_password1] } { return } # Pass the domain password as a session variable. Logon page agent doesn't # take it from HTTP headers in clientless mode. ACCESS::session data set "session.logon.last.password1" [URI::decode $tmm_apm_citrix_password1] } when ACCESS_POLICY_COMPLETED { if { $tmm_apm_citrix_receiver == 0 } { return } set sid [ACCESS::session data get session.keydb] set result [ACCESS::policy result] # Remove the user credential variables if { [info exists tmm_apm_citrix_username] } { unset tmm_apm_citrix_username } if { [info exists tmm_apm_citrix_password] } { unset tmm_apm_citrix_password } if { [info exists tmm_apm_citrix_password1] } { unset tmm_apm_citrix_password1 } # Clear the domain password session variable created at the session validation start. ACCESS::session data set "session.logon.last.password1" "" if { $result equals "allow" } { set resp "<html><head><META HTTP-EQUIV=\"REFRESH\" CONTENT=\"0; URL=$::tmm_apm_pnagent_url\"></head><body></body></html>" ACCESS::respond 200 content $resp Set-Cookie "MRHSession=$sid;path=/;secure" Set-Cookie "NSC_AAAC=123;path=/;secure" } } }405Views0likes0CommentsIn 5 Minutes or Less Video - BIG-IP APM & Citrix XenApp
Watch how F5 customers can now simply use BIG-IP Access Policy Manager or BIG-IP Edge Gateway to consolidate access control in a central location, keeping infrastructure administration concerns to a minimum. With BIG-IP solutions, customers enjoy the flexibility and scalability needed to extend Citrix applications to both local and remote users without changing local XenApp deployments or requiring STA to provide secure remote access to applications. Highlights of deploying Citrix and F5 technologies together include: Reduced Management Time and OpEx – By simplifying and centralizing local and remote access authentication, BIG-IP solutions eliminate the need for customers to add separate Citrix STA infrastructure or make changes to existing Web Interface servers, resulting in an environment that is less expensive to deploy and requires less time to manage. Simplified Configuration and Deployment – With BIG-IP solutions, administrators can support users of Citrix applications with fewer devices, configure deployments to support flexible access models, and easily scale the environment. This fully integrated functionality makes it quick and easy for customers to set up and deploy local and remote access capabilities for Citrix applications, keeping users productive. Centralized and Comprehensive Access Control – Unlike the separate Citrix products required to adequately support applications for remote users, BIG-IP solutions provide centralized application access control and use a single access policy to support all types of users securely, so IT teams can be confident that application access is aligned with the organizations’ specific business priorities and security policies. &amp;amp;amplt;/p&amp;amp;ampgt; &amp;amp;amplt;p&amp;amp;ampgt;ps&amp;amp;amplt;/p&amp;amp;ampgt; &amp;amp;amplt;p&amp;amp;ampgt;Resources:&amp;amp;amplt;/p&amp;amp;ampgt; &amp;amp;amplt;ul&amp;amp;ampgt; &amp;amp;amplt;li&amp;amp;ampgt;&amp;amp;amplt;a href=&quot;http://www.f5.com/news-press-events/press/2010/20101214.html&quot; _fcksavedurl=&quot;http://www.f5.com/news-press-events/press/2010/20101214.html&quot;&amp;amp;ampgt;F5 Simplifies and Centralizes Access Management for Citrix Applications&amp;amp;amplt;/a&amp;amp;ampgt; &amp;amp;amplt;/li&amp;amp;ampgt; &amp;amp;amplt;li&amp;amp;ampgt;&amp;amp;amplt;a href=&quot;downloads.f5.com&quot; _fcksavedurl=&quot;downloads.f5.com&quot;&amp;amp;ampgt;BIG-IP v10.2.1 Download (Log in required)&amp;amp;amplt;/a&amp;amp;ampgt; &amp;amp;amplt;/li&amp;amp;ampgt; &amp;amp;amplt;li&amp;amp;ampgt;&amp;amp;amplt;a href=&quot;http://www.f5.com/products/big-ip/access-policy-manager.html&quot; _fcksavedurl=&quot;http://www.f5.com/products/big-ip/access-policy-manager.html&quot;&amp;amp;ampgt;BIG-IP Access Policy Manager&amp;amp;amplt;/a&amp;amp;ampgt; &amp;amp;amplt;/li&amp;amp;ampgt; &amp;amp;amplt;li&amp;amp;ampgt;&amp;amp;amplt;a href=&quot;http://www.f5.com/products/big-ip/edge-gateway.html&quot; _fcksavedurl=&quot;http://www.f5.com/products/big-ip/edge-gateway.html&quot;&amp;amp;ampgt;BIG-IP Edge Gateway&amp;amp;amplt;/a&amp;amp;ampgt; &amp;amp;amplt;/li&amp;amp;ampgt; &amp;amp;amplt;li&amp;amp;ampgt;&amp;amp;amplt;a href=&quot;https://www.youtube.com/user/f5networksinc&quot; _fcksavedurl=&quot;https://www.youtube.com/user/f5networksinc&quot;&amp;amp;ampgt;F5 YouTube Channel&amp;amp;amplt;/a&amp;amp;ampgt; &amp;amp;amplt;/li&amp;amp;ampgt; &amp;amp;amplt;/ul&amp;amp;ampgt; &amp;amp;amplt;table border=&quot;0&quot; cellspacing=&quot;0&quot; cellpadding=&quot;2&quot; width=&quot;325&quot;&amp;amp;ampgt;&amp;amp;amplt;tbody&amp;amp;ampgt; &amp;amp;amplt;tr&amp;amp;ampgt; &amp;amp;amplt;td valign=&quot;top&quot; width=&quot;200&quot;&amp;amp;ampgt;Connect with Peter: &amp;amp;amplt;/td&amp;amp;ampgt; &amp;amp;amplt;td valign=&quot;top&quot; width=&quot;123&quot;&amp;amp;ampgt;Connect with F5: &amp;amp;amplt;/td&amp;amp;ampgt; &amp;amp;amplt;/tr&amp;amp;ampgt; &amp;amp;amplt;tr&amp;amp;ampgt; &amp;amp;amplt;td valign=&quot;top&quot; width=&quot;200&quot;&amp;amp;ampgt;&amp;amp;amplt;a href=&quot;http://www.linkedin.com/pub/peter-silva/0/412/77a&quot; _fcksavedurl=&quot;http://www.linkedin.com/pub/peter-silva/0/412/77a&quot;&amp;amp;ampgt;&amp;amp;amplt;img style=&quot;border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px&quot; title=&quot;o_linkedin[1]&quot; border=&quot;0&quot; alt=&quot;o_linkedin[1]&quot; src=&quot;https://devcentral.f5.com/s/weblogs/images/devcentral_f5_com/weblogs/macvittie/1086440/o_linkedin.png&quot; _fcksavedurl=&quot;https://devcentral.f5.com/s/weblogs/images/devcentral_f5_com/weblogs/macvittie/1086440/o_linkedin.png&quot; width=&quot;24&quot; height=&quot;24&quot; /&amp;amp;ampgt;&amp;amp;amplt;/a&amp;amp;ampgt; &amp;amp;amplt;a href=&quot;https://devcentral.f5.com/s/weblogs/psilva/Rss.aspx&quot; _fcksavedurl=&quot;https://devcentral.f5.com/s/weblogs/psilva/Rss.aspx&quot;&amp;amp;ampgt;&amp;amp;amplt;img style=&quot;border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px&quot; title=&quot;o_rss[1]&quot; border=&quot;0&quot; alt=&quot;o_rss[1]&quot; src=&quot;https://devcentral.f5.com/s/weblogs/images/devcentral_f5_com/weblogs/macvittie/1086440/o_rss.png&quot; _fcksavedurl=&quot;https://devcentral.f5.com/s/weblogs/images/devcentral_f5_com/weblogs/macvittie/1086440/o_rss.png&quot; width=&quot;24&quot; height=&quot;24&quot; /&amp;amp;ampgt;&amp;amp;amplt;/a&amp;amp;ampgt; &amp;amp;amplt;a href=&quot;http://www.facebook.com/f5networksinc&quot; _fcksavedurl=&quot;http://www.facebook.com/f5networksinc&quot;&amp;amp;ampgt;&amp;amp;amplt;img style=&quot;border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px&quot; title=&quot;o_facebook[1]&quot; border=&quot;0&quot; alt=&quot;o_facebook[1]&quot; src=&quot;https://devcentral.f5.com/s/weblogs/images/devcentral_f5_com/weblogs/macvittie/1086440/o_facebook.png&quot; _fcksavedurl=&quot;https://devcentral.f5.com/s/weblogs/images/devcentral_f5_com/weblogs/macvittie/1086440/o_facebook.png&quot; width=&quot;24&quot; height=&quot;24&quot; /&amp;amp;ampgt;&amp;amp;amplt;/a&amp;amp;ampgt; &amp;amp;amplt;a href=&quot;http://twitter.com/psilvas&quot; _fcksavedurl=&quot;http://twitter.com/psilvas&quot;&amp;amp;ampgt;&amp;amp;amplt;img style=&quot;border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px&quot; title=&quot;o_twitter[1]&quot; border=&quot;0&quot; alt=&quot;o_twitter[1]&quot; src=&quot;https://devcentral.f5.com/s/weblogs/images/devcentral_f5_com/weblogs/macvittie/1086440/o_twitter.png&quot; _fcksavedurl=&quot;https://devcentral.f5.com/s/weblogs/images/devcentral_f5_com/weblogs/macvittie/1086440/o_twitter.png&quot; width=&quot;24&quot; height=&quot;24&quot; /&amp;amp;ampgt;&amp;amp;amplt;/a&amp;amp;ampgt; &amp;amp;amplt;/td&amp;amp;ampgt; &amp;amp;amplt;td valign=&quot;top&quot; width=&quot;123&quot;&amp;amp;ampgt; &amp;amp;amplt;a href=&quot;http://www.facebook.com/f5networksinc&quot; _fcksavedurl=&quot;http://www.facebook.com/f5networksinc&quot;&amp;amp;ampgt;&amp;amp;amplt;img style=&quot;border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px&quot; title=&quot;o_facebook[1]&quot; border=&quot;0&quot; alt=&quot;o_facebook[1]&quot; src=&quot;https://devcentral.f5.com/s/weblogs/images/devcentral_f5_com/weblogs/macvittie/1086440/o_facebook.png&quot; _fcksavedurl=&quot;https://devcentral.f5.com/s/weblogs/images/devcentral_f5_com/weblogs/macvittie/1086440/o_facebook.png&quot; width=&quot;24&quot; height=&quot;24&quot; /&amp;amp;ampgt;&amp;amp;amplt;/a&amp;amp;ampgt; &amp;amp;amplt;a href=&quot;http://twitter.com/f5networks&quot; _fcksavedurl=&quot;http://twitter.com/f5networks&quot;&amp;amp;ampgt;&amp;amp;amplt;img style=&quot;border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px&quot; title=&quot;o_twitter[1]&quot; border=&quot;0&quot; alt=&quot;o_twitter[1]&quot; src=&quot;https://devcentral.f5.com/s/weblogs/images/devcentral_f5_com/weblogs/macvittie/1086440/o_twitter.png&quot; _fcksavedurl=&quot;https://devcentral.f5.com/s/weblogs/images/devcentral_f5_com/weblogs/macvittie/1086440/o_twitter.png&quot; width=&quot;24&quot; height=&quot;24&quot; /&amp;amp;ampgt;&amp;amp;amplt;/a&amp;amp;ampgt; &amp;amp;amplt;a href=&quot;http://www.slideshare.net/f5dotcom/&quot; _fcksavedurl=&quot;http://www.slideshare.net/f5dotcom/&quot;&amp;amp;ampgt;&amp;amp;amplt;img style=&quot;border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px&quot; title=&quot;o_slideshare[1]&quot; border=&quot;0&quot; alt=&quot;o_slideshare[1]&quot; src=&quot;https://devcentral.f5.com/s/weblogs/images/devcentral_f5_com/weblogs/macvittie/1086440/o_slideshare.png&quot; _fcksavedurl=&quot;https://devcentral.f5.com/s/weblogs/images/devcentral_f5_com/weblogs/macvittie/1086440/o_slideshare.png&quot; width=&quot;24&quot; height=&quot;24&quot; /&amp;amp;ampgt;&amp;amp;amplt;/a&amp;amp;ampgt; &amp;amp;amplt;a href=&quot;https://www.youtube.com/f5networksinc&quot; _fcksavedurl=&quot;https://www.youtube.com/f5networksinc&quot;&amp;amp;ampgt;&amp;amp;amplt;img style=&quot;border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px&quot; title=&quot;o_youtube[1]&quot; border=&quot;0&quot; alt=&quot;o_youtube[1]&quot; src=&quot;https://devcentral.f5.com/s/weblogs/images/devcentral_f5_com/weblogs/macvittie/1086440/o_youtube.png&quot; _fcksavedurl=&quot;https://devcentral.f5.com/s/weblogs/images/devcentral_f5_com/weblogs/macvittie/1086440/o_youtube.png&quot; width=&quot;24&quot; height=&quot;24&quot; /&amp;amp;ampgt;&amp;amp;amplt;/a&amp;amp;ampgt;&amp;amp;amplt;/td&amp;amp;ampgt; &amp;amp;amplt;/tr&amp;amp;ampgt; &amp;amp;amplt;/tbody&amp;amp;ampgt;&amp;amp;amplt;/table&amp;amp;ampgt; &amp;amp;amplt;p&amp;amp;ampgt;Technorati Tags: &amp;amp;amplt;a href=&quot;http://technorati.com/tags/F5&quot; _fcksavedurl=&quot;http://technorati.com/tags/F5&quot;&amp;amp;ampgt;F5&amp;amp;amplt;/a&amp;amp;ampgt;, &amp;amp;amplt;a href=&quot;http://technorati.com/tags/in+5+minutes&quot; _fcksavedurl=&quot;http://technorati.com/tags/in+5+minutes&quot;&amp;amp;ampgt;In 5 Minutes&amp;amp;amplt;/a&amp;amp;ampgt;, &amp;amp;amplt;a href=&quot;http://technorati.com/tags/integration&quot; _fcksavedurl=&quot;http://technorati.com/tags/integration&quot;&amp;amp;ampgt;integration&amp;amp;amplt;/a&amp;amp;ampgt;, &amp;amp;amplt;a href=&quot;http://technorati.com/tags/bigip&quot; _fcksavedurl=&quot;http://technorati.com/tags/bigip&quot;&amp;amp;ampgt;big-ip&amp;amp;amplt;/a&amp;amp;ampgt;, &amp;amp;amplt;a href=&quot;http://technorati.com/tags/Pete+Silva&quot; _fcksavedurl=&quot;http://technorati.com/tags/Pete+Silva&quot;&amp;amp;ampgt;Pete Silva&amp;amp;amplt;/a&amp;amp;ampgt;, &amp;amp;amplt;a href=&quot;http://technorati.com/tags/security&quot; _fcksavedurl=&quot;http://technorati.com/tags/security&quot;&amp;amp;ampgt;security&amp;amp;amplt;/a&amp;amp;ampgt;, &amp;amp;amplt;a href=&quot;http://technorati.com/tag/business&quot; _fcksavedurl=&quot;http://technorati.com/tag/business&quot;&amp;amp;ampgt;business&amp;amp;amplt;/a&amp;amp;ampgt;, &amp;amp;amplt;a href=&quot;http://technorati.com/tag/education&quot; _fcksavedurl=&quot;http://technorati.com/tag/education&quot;&amp;amp;ampgt;education&amp;amp;amplt;/a&amp;amp;ampgt;, &amp;amp;amplt;a href=&quot;http://technorati.com/tag/technology&quot; _fcksavedurl=&quot;http://technorati.com/tag/technology&quot;&amp;amp;ampgt;technology&amp;amp;amplt;/a&amp;amp;ampgt;, &amp;amp;amplt;a href=&quot;http://technorati.com/tags/application+delivery&quot; _fcksavedurl=&quot;http://technorati.com/tags/application+delivery&quot;&amp;amp;ampgt;application delivery&amp;amp;amplt;/a&amp;amp;ampgt;, &amp;amp;amplt;a href=&quot;http://technorati.com/tags/citrix&quot; _fcksavedurl=&quot;http://technorati.com/tags/citrix&quot;&amp;amp;ampgt;citrix&amp;amp;amplt;/a&amp;amp;ampgt;, &amp;amp;amplt;a href=&quot;http://technorati.com/tags/cloud&quot; _fcksavedurl=&quot;http://technorati.com/tags/cloud&quot;&amp;amp;ampgt;cloud&amp;amp;amplt;/a&amp;amp;ampgt;, &amp;amp;amplt;a href=&quot;http://technorati.com/tags/context-aware&quot; _fcksavedurl=&quot;http://technorati.com/tags/context-aware&quot;&amp;amp;ampgt;context-aware&amp;amp;amplt;/a&amp;amp;ampgt;, &amp;amp;amplt;a href=&quot;http://technorati.com/tags/xenapp&quot; _fcksavedurl=&quot;http://technorati.com/tags/xenapp&quot;&amp;amp;ampgt;xenapp&amp;amp;amplt;/a&amp;amp;ampgt;, &amp;amp;amplt;a href=&quot;http://technorati.com/tags/automation&quot; _fcksavedurl=&quot;http://technorati.com/tags/automation&quot;&amp;amp;ampgt;automation&amp;amp;amplt;/a&amp;amp;ampgt;, &amp;amp;amplt;a href=&quot;http://technorati.com/tags/web&quot; _fcksavedurl=&quot;http://technorati.com/tags/web&quot;&amp;amp;ampgt;web&amp;amp;amplt;/a&amp;amp;ampgt;, &amp;amp;amplt;a href=&quot;http://technorati.com/tags/video&quot; _fcksavedurl=&quot;http://technorati.com/tags/video&quot;&amp;amp;ampgt;video&amp;amp;amplt;/a&amp;amp;ampgt;, &amp;amp;amplt;a href=&quot;http://technorati.com/tags/blog&quot; _fcksavedurl=&quot;http://technorati.com/tags/blog&quot;&amp;amp;ampgt;blog&amp;amp;amplt;/a&amp;amp;ampgt;, &amp;amp;amplt;a href=&quot;http://technorati.com/tags/F5+APM&quot; _fcksavedurl=&quot;http://technorati.com/tags/F5+APM&quot;&amp;amp;ampgt;APM&amp;amp;amplt;/a&amp;amp;ampgt;&amp;amp;amplt;/p&amp;amp;ampgt;&amp;amp;amplt;/body&amp;amp;ampgt;&amp;amp;amplt;/html&amp;amp;ampgt; ps Resources: F5 Simplifies and Centralizes Access Management for Citrix Applications BIG-IP v10.2.1 Download (Log in required) BIG-IP Access Policy Manager BIG-IP Edge Gateway F5 YouTube Channel385Views0likes2CommentsCitrix: custom parameters
Hi could someone explain how are used those Custom Parameters? Will they be inserted in the ICA file that the XML brokers send back to APM (I have a Webtop replaces WI deployment)? Any resource I could get the list of such parameter and their description? Thanks Alex365Views0likes4Comments