Need to integrate SSO for NetScaler gateway page login

[Abhinandan Kunne]

Hi,

 

I am new in NetScaler. We have build gateway virtual server to access storefront publish desktop and application. In current flow NetScaler will provide login page and prompt for credentials which is further validated by LDAP server configure and attached with this same gateway virtual server. But now we want to enable SSO for this login so when ever domain user login though office system/domain join system it will directly reach to storefront page via gateway virtual server page. If it is not domain system it will provide login page and prompt for credentials. This can be achieve in storefront enabling "PassThrough Authentication" but is there any think link this can be done on NetScaler Gateway level.

 

Thank You.    

[CarlStalhood]

In Workspace app 1808 and newer, you can enable Single Sign-on for NetScaler Gateway using group policy for Workspace app.

 

[Abhinandan Kunne]

Thanks Carl.

 

Is there any other way to do this. Like in NetScaler ADC policy which read end system settings/windows settings and perfrom SSO for gateway virtual server web page access. 

 

Thanks.

[Mathieu BRUSTON1709159739]

Hello,

 

it's possible but quite more harder.

You have to create a AAA vserver on the netscaler (and also have at least an enterprise edition). on this AAA vserver you will be able to add a negotiate policy (for kerberos) and another in ldap (for the form base)

 

on the netscaler gateway, you will have to add an authentication profile that use your AAA.

 

 

Regards,

[Abhinandan Kunne]

Thanks Carl and Mathieu for the solution.

[tylital520]

Hi Mathieu and Carl,

 

we have a similar requirement: users access our Citrix Virtual Apps and Desktops with Receiver Self Service, and the connection goes always through NetScaler Gateway (forced with beacons). The Store has "Pass-through from Citrix Gateway" enabled. At the moment users are able to access the Store but even if Workspace App is installed with /includeSSON it will always ask for username and password.

 

If I download the admx/adml files and enable the GPO setting Carl instructs above SSO works, so the Receiver no longer asks the username and password but signs in automatically. I guess there's no command line switch to enable this when installing Workspace App? The problem is that we have no access to our end users PC's, and modifying Group Policies is not something I'd like to instruct our end users to do.

 

Mathieu, could you please share more instructions about how I could enable this with AAA vServer. We have NetScaler VPX Enterprise license.

 

 

[Kari Ruissalo]

I have now done the following steps:

• Enable GPO setting
• Add the URL to Local Intranet
• Installed WSApp with SSON enabled

... still I'm presented with the authentication dialog.

 

Is the Kerberos configuration really required for this to work (Carl/Mathieu)? It's nightmareish to configure in a multi-supplier environment where the AD is managed by a third party.

[Dieter Verschueren]

Have you ever got this working?

Facing the same issue after configuring the necessary GPO settings for Gateway SSO