SSL VPN
Reply
Contributor
Billy
Posts: 32
Registered: ‎11-25-2007
0

CITRIX Xendesktop with IVE

My customer has contructed the CITRIX server-hosted virtual desktop for their IT
infrastructure.
Users have to connect the local CITRIX server using 'Xendesktop' client program.
The problem is that he wants users outside the network connect to local CITRIX server
through SSLVPN.
I'm sure it simply works if user connect to the server using Network-Connect.
But my customer want SSO. (Outside user doesn't have to input their ID/PW for both of
CITRIX and SSL).
Is it possible the authentication of NC and Xendesktop could be integrated?

If not, is there any solution for archiving it?

And Xendesktop's STA(Secure Ticket Authorith) could work over IVE's SSL session?

Super Contributor
srigelsford
Posts: 203
Registered: ‎04-14-2008
0

Re: CITRIX Xendesktop with IVE

Hi,

 

You cannot SSO with network Connect.

 

You can however use a Web bookmark to point to the web frontend of Citrix, and use SSO there.

You could then launch Network Connect, or Secure Application Manager if required.

 

Depending on the version of Citrix you may need to look at the page source to get the right SSO perametres, I'm pretty sure there is something in the knowledgebase for this though. http://kb.juniper.net

 

Sam.

Contributor
Lord_Edam
Posts: 26
Registered: ‎11-09-2009
0

Re: CITRIX Xendesktop with IVE

Are they logging on to their client machines with credentials Citrix will accept? If so, provided they can access the XML server & the relevant citrix servers it should work for them. won't work with netconnect if they're logging on to the client machines with different credentials, but in this case you could use the web landing page & publish a terminal services profile which lists their citrix applications instead (and if they still need netconnect, autolaunch that through the web page)

Contributor
Billy
Posts: 32
Registered: ‎11-25-2007
0

Re: CITRIX Xendesktop with IVE

Thanks for reply.
Both of SA and CITRIX have the same external authentication server(Active Directory).
User's credential could be delivered to CITRIX server by Virtual Desktop Bookmark's SSO on SA.
First time I try to this connection, it didn't work.
I've got raw data from SA's internal port.
It seemed Citrix WEB interface server of which the ip address was inserted on "Virtual Desktop profile" of SA sent the "HTTP 500 Internal Server Error".

+----------------------------------------------------------------------
#####  SA => Citrix web interface server #####
    POST /scripts/wpnbr.dll HTTP/1.1
    Host: sbc.lgcns.com
    Pragma: no-cache
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
    Content-Type: text/xml
    Connection: close
    Content-Length: 468
    <?xml version="1.0" encoding="ISO-8859-1" ?>
    <!DOCTYPE NFuseProtocol SYSTEM "NFuse.dtd">
    <NFuseProtocol version="5.0">
    <RequestAppData>
    <Scope traverse="subtree"></Scope>
    <DesiredDetails>all</DesiredDetails>
    <AppName></AppName>
    <ServerType>all</ServerType>
    <ClientType>ica30</ClientType>
    <Credentials>
    <UserName>testid</UserName>
    <Password encoding="cleartext">testpassword</Password>
    <Domain type="NT">TESTDOMAIN</Domain>
    </Credentials>
    </RequestAppData>
    </NFuseProtocol>

#####  Citrix Web Interface server => SA ####
    HTTP/1.1 500 Internal Server Error
    Content-Type: text/html
    Server: Microsoft-IIS/7.0
    X-Powered-By: ASP.NET
    Date: Wed, 30 Jun 2010 08:00:39 GMT
    Connection: close
    Content-Length: 1160
   
   
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=ks_c_5601-1987"/>
    <title>500 - .... .... .....</title>
    <style type="text/css">
    <!--
    body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
    fieldset{padding:0 15px 10px 15px;}
    h1{font-size:2.4em;margin:0;color:#FFF;}
    h2{font-size:1.7em;margin:0;color:#CC0000;}
    h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
    #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
    background-color:#555555;}
    #content{margin:0 0 0 2%;position:relative;}
    .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
    -->
   
    </style>
    </head>
    <body>
    <div id="header"><h1>.... ....</h1></div>
    <div id="content">
     <div class="content-container"><fieldset>
      <h2>500 - .... .... .....</h2>
      <h3>.... .... ........ ...... .... ...... .. .........</h3>
     </fieldset></div>
    </div>
    </body>
    </html>
+----------------------------------------------------------------------

I guess SA sent user's credential using XML form and Citrix couldn't accept it.

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.