Promiscuous authentication

An increasing number of customers use a single NetScaler Gateway virtual server to access XenApp / XenDesktop / XenMobile delivery controllers that reside in several areas of the corporate network. One reason is that StoreFront, unlike Web Interface, requires domain membership. Thus, when using Single Sign-On with NetScaler Gateway, you need to know which StoreFront cluster to direct users to after they have successfully authenticated to NetScaler.

While NetScaler 10.1 allows group extraction to map the authentication session to session policies (see https://www.citrix.com/content/dam/citrix/en_us/documents/downloads/netscaler-adc/Citrix%20NetScaler%2010.1%20Release%20notes.pdf), there are currently two ways to use multiple authentication policies with a single NetScaler Gateway vServer.

1) Cascade multiple policies (all with the expression "ns_true")
When a user logs in, the user name and password are checked against each policy in turn until one matches. If all of them fail, access is denied. While this works well, it is not an ideal solution, because when authenticating against a larger number of Active Directory domains the authentication process may suffer in performance. In addition, the number of failed authentication requests recorded on the non-matching domain controllers may increase.

2) Use a drop-down domain field as described in http://support.citrix.com/article/CTX118657
Most customers don't like this solution because users could be confused and you might have to expose your internal domain names to the public.

JavaScript and Citrix Consulting to the rescue!

If you can educate your users to authenticate to NetScaler Gateway using their user principal name (UPN, user@domain.com) or their sAMAccountName prefixed with the domain (domain\user), you can use JavaScript to extract the domain part, store it in a cookie and select the authentication policy based on the value of that cookie.

So, here we go:

Locate the following code in /netscaler/ns_gui/vpn/index.html:

Insert the following code just below it (this also works when you enter "domain\username"):

Then add the function to the "onsubmit" attribute of the login form:

Finally, use an expression that checks for this cookie value in your authentication policy (`REQ.HTTP.HEADER Cookie CONTAINS "domain.com"`).
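The logic the steps above describe, as an added example and not the script from the original post: a function that pulls the domain part out of a UPN or domain\user login, and a form handler that writes it to a cookie before the form is submitted. The input name `login` and the cookie name `NSC_DOMAIN` are assumptions.

```javascript
// Added example (not the code from the original post). Extracts the domain
// part of the login name typed on the NetScaler Gateway logon page and stores
// it in a cookie so an authentication policy expression can match on it.
// Assumptions: the logon form's user name input is named "login" and the
// cookie is called NSC_DOMAIN; both names are constructed placeholders.

const DOMAIN_COOKIE = 'NSC_DOMAIN';
// Only plain DNS / NetBIOS name characters are allowed into the cookie, so a
// crafted login name cannot smuggle separators into the Cookie header.
const ALLOWED_DOMAIN_CHARS = /^[A-Za-z0-9.-]+$/;

// Returns the lower-cased domain of "user@domain.com" (UPN) or "DOMAIN\user"
// (sAMAccountName with domain prefix), or null when no domain is present.
function extractDomain(login) {
  if (typeof login !== 'string') return null;
  const s = login.trim();
  const at = s.lastIndexOf('@');
  const slash = s.indexOf('\\');
  let domain = null;
  if (at > 0 && at < s.length - 1) {
    domain = s.slice(at + 1);          // UPN: everything after the last '@'
  } else if (slash > 0 && slash < s.length - 1) {
    domain = s.slice(0, slash);        // domain\user: everything before '\'
  }
  if (domain === null) return null;
  domain = domain.toLowerCase();
  return ALLOWED_DOMAIN_CHARS.test(domain) ? domain : null;
}

// Builds the string written to document.cookie: session-scoped and Secure,
// so it is only ever sent back over the Gateway's TLS connection.
function buildDomainCookie(domain) {
  return `${DOMAIN_COOKIE}=${encodeURIComponent(domain)}; path=/; secure`;
}

// Handler for the login form's onsubmit attribute. Always returns true so the
// logon request itself proceeds; a login without a domain sets no cookie.
function storeDomainCookie(form) {
  const domain = extractDomain(form.login.value);
  if (domain !== null && typeof document !== 'undefined') {
    document.cookie = buildDomainCookie(domain);
  }
  return true;
}
```

Note that `CONTAINS` is a substring match, so a cookie value of `subdomain.com` also satisfies a policy that checks for `domain.com`; give the more specific domain's policy the higher priority, or match on the full `NSC_DOMAIN=domain.com` pair.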

Support
This customization is not officially supported by Citrix. Before contacting Citrix Support about a problem with NetScaler Gateway, you must undo the changes by restoring the backup copies of the files changed above.

In other words, our usual warning applies:

This code is provided "as is" without representation, warranty or condition of any kind. You may use and distribute it at your own risk. CITRIX DISCLAIMS ALL WARRANTIES, EITHER EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. Without limiting the generality of the foregoing, you acknowledge and agree that (a) the software application may have errors, design flaws or other problems, possibly resulting in loss of data or damage to property; (b) it may not be possible to make the software application fully functional; and (c) Citrix may, without notice or liability to you, cease to provide current and/or future versions of the software application. In no event may the code be used to support ultra-hazardous activities, including but not limited to life support or blasting operations. IN NO EVENT SHALL CITRIX, ITS AFFILIATES OR AGENTS BE LIABLE, WHETHER FOR BREACH OF CONTRACT OR UNDER ANY OTHER THEORY OF LIABILITY, FOR ANY DAMAGES ARISING FROM THE USE OF THE SOFTWARE APPLICATION, INCLUDING WITHOUT LIMITATION DIRECT, INCIDENTAL, SPECIAL, PUNITIVE OR CONSEQUENTIAL DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. You agree to indemnify and defend Citrix against any claim arising from your use, modification or distribution of the code.