SSO SSL VPN vServer to ICA proxy vServer on NetScaler

8:02 PM

In the spirit of the simplicity Leonardo da Vinci aspired to, organizations that have invested in XenApp and/or XenDesktop use the NetScaler Gateway feature on NetScaler to provide secure remote access to their virtual applications and desktops. A common deployment uses this feature as an ICA proxy with single sign-on (SSO) to StoreFront or Web Interface. This lets them present applications and desktops to users after authentication, under the granular authentication, authorization and auditing (AAA) control of NetScaler.

Several organizations also use SSL VPN on the NetScaler with a NetScaler Gateway vServer. They:

  • configure StoreFront as the landing page of the SSL VPN vServer
  • use that landing page as a company portal that presents their virtual applications and desktops delivered with XenApp and XenDesktop

In this setup users authenticate only once: they get SSO from the SSL VPN NetScaler Gateway vServer to StoreFront and see their applications and desktops.

But what if they also want telemetry about application and desktop use inside the full SSL VPN tunnel? For that you would configure HDX Insight for an ICA proxy NetScaler Gateway vServer on the same NetScaler. However, when the landing page of the SSL VPN NetScaler Gateway vServer is the ICA proxy NetScaler Gateway vServer, users must authenticate again on the ICA proxy NetScaler Gateway vServer after they have already authenticated on the SSL VPN NetScaler Gateway vServer.

To avoid this re-authentication, we configure SSO between the SSL VPN NetScaler Gateway vServer and the ICA proxy NetScaler Gateway vServer with a small change to the index.html file and a responder policy. The end result: a seamless user experience, plus visibility with HDX Insight.

  1. Users browse to sslvpn.company.com.
  2. They enter their username and password and click Login.
  3. They are forwarded to icaproxy.company.com and see their applications and desktops.
  4. HDX Insight provides application visibility and telemetry through AppFlow enabled on icaproxy.company.com for the published XenApp/XenDesktop applications and desktops.

The following steps describe how to configure single sign-on from an SSL VPN NetScaler Gateway vServer to an ICA proxy NetScaler Gateway vServer:

1. Download index.html to your computer. Note: make sure you have a backup copy of the original file.

2. Open the file for editing in your favorite text editor.

3. Locate the following section. The line on which it appears varies with the NetScaler version:

<!-- Logon Box -->


4. Add the following text immediately after the section located in step 3:

<script type="text/javascript">
function getCookie(name) { // usage: getCookie("name");
    var re = new RegExp(name + "=([^;]+)");
    var value = re.exec(document.cookie);
    return (value != null) ? unescape(value[1]) : null;
}

var today = new Date();
var expiry = new Date(today.getTime() + 28 * 24 * 3600 * 1000); // plus 28 days
var expired = new Date(today.getTime() - 24 * 3600 * 1000); // less 24 hours (a past date, usable to delete a cookie)

function setCookie(name, value) { // usage: setCookie("name", value);
    document.cookie = name + "=" + escape(value) + "; domain=.company.com; path=/; expires=" + expiry.toGMTString();
}

function storeValues(form) { // called from the logon form's onSubmit handler
    setCookie("login", form.login.value);
    setCookie("passwd", form.passwd.value);
    return true;
}
</script>

Note: this was tested with the green bubble theme and the black and blue carbon theme.

The cookies are created the same way we create domain cookies when a domain drop-down is added to the ICA proxy NetScaler Gateway vServer login page, as documented in http://support.citrix.com/article/CTX118657.

5. Locate the next two lines, which read as follows:

<form name="vpnForm" autocomplete="off" style="margin: 0"
onSubmit="clean_name_cookie(this);">

6. Change the onSubmit handler so that the HTML now reads as follows:

<form name="vpnForm" autocomplete="off" style="margin: 0"
onSubmit="storeValues(this); clean_name_cookie(this);">

7. Verify that the login and passwd cookies contain the user name and password once the user has authenticated on the SSL VPN vServer login page.

8. Configure the login to the ICA proxy vServer that fires once the user has authenticated on the SSL VPN login page:

add responder action LOGIN_TO_AGEE_action respondwith "<response body stripped during extraction of this post: an HTML page that auto-submits a POST of the login and passwd cookie values to /cgi/login>" -bypassSafetyCheck YES

add responder policy hostname_is_agee.company.com.rp "http.REQ.HOSTNAME.EQ(\"icaproxy.company.com\") && (http.REQ.URL.EQ(\"/\") || http.REQ.URL.EQ(\"/cgi/login\") || http.REQ.URL.EQ(\"/vpn/index.html\")) && http.REQ.HEADER(\"Cookie\").CONTAINS(\"login\")" LOGIN_TO_AGEE_action

bind responder global hostname_is_agee.company.com.rp 100 END -type REQ_OVERRIDE

The responder policy can also be bound to the ICA proxy vServer instead of globally; this is just one example.

The responder action is nothing more than a POST to icaproxy.company.com/cgi/login that performs the SSO to the ICA proxy NetScaler Gateway vServer.
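To see how the two halves of this hand-off fit together, here is an added Node.js model (not code from the original post or from Citrix): the first part builds the login/passwd cookies the way the modified index.html does and shows which hosts a domain=.company.com cookie is sent to; the second part evaluates the responder policy expression from step 8 against constructed requests. Cookie names, the domain, the hostname and the three URLs are taken from the post; encodeURIComponent stands in for the post's deprecated escape().

```javascript
// Added example, not part of the original post. Sample dates and requests are constructed.
const DAY_MS = 24 * 3600 * 1000;

// Mirrors setCookie() in the modified index.html: expiry is now + 28 days.
function buildCookie(name, value, now, domain = ".company.com") {
  const expiry = new Date(now.getTime() + 28 * DAY_MS);
  return `${name}=${encodeURIComponent(value)}; domain=${domain}; path=/; expires=${expiry.toUTCString()}`;
}

// What the browser stores: name/value plus lower-cased attributes (domain, path, expires).
function parseSetCookie(str) {
  const [pair, ...attrs] = str.split(";").map(s => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: decodeURIComponent(pair.slice(eq + 1)) };
  for (const a of attrs) {
    const i = a.indexOf("=");
    cookie[a.slice(0, i).toLowerCase()] = a.slice(i + 1);
  }
  return cookie;
}

// Will the browser send this cookie to `host` at time `now`? A domain=.company.com cookie goes
// to every host under company.com, not only icaproxy, which is why the post suggests encrypting it.
function cookieSentTo(cookie, host, now) {
  const d = cookie.domain.replace(/^\./, "");
  const domainOk = host === d || host.endsWith("." + d);
  return domainOk && new Date(cookie.expires).getTime() > now.getTime();
}

// Hostname and URL part of the responder policy expression from step 8.
function onIcaProxyLoginUrl(req) {
  return req.hostname === "icaproxy.company.com" &&
    ["/", "/cgi/login", "/vpn/index.html"].includes(req.url);
}

// The post's cookie test taken literally: HEADER("Cookie").CONTAINS("login") is a substring
// match on the whole header, so any cookie whose name or value contains "login" satisfies it.
function responderMatchesLoose(req) {
  return onIcaProxyLoginUrl(req) && (req.headers.cookie || "").includes("login");
}

// Tighter variant: parse the header into cookie names and require one named exactly "login".
function responderMatchesStrict(req) {
  const names = (req.headers.cookie || "").split(";").map(c => c.trim().split("=")[0]);
  return onIcaProxyLoginUrl(req) && names.includes("login");
}
```

The strict variant shows what the policy should be checking; when you tighten it on the NetScaler itself, test a request carrying an unrelated cookie whose name merely contains "login" and confirm the action no longer fires.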

Please note:

The login and passwd cookies can be encrypted and decrypted again, as described in the following blog post (link as given in the source): /blog/05.08.2011/secure-che make use cookies-before-it-is-to-end/.

Disclaimer

The sample code in this article is provided as is, with no representations, warranties or conditions of any kind. You may use, modify and distribute it at your own risk. CITRIX DISCLAIMS ALL WARRANTIES OF ANY KIND, EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. Without limiting the generality of the foregoing, you acknowledge and agree that (a) the sample code may include errors, design flaws or other problems that may cause data loss or damage to property; (b) it may not be possible to make the sample code fully functional; and (c) Citrix may, without notice or liability to you, cease to make available the current version and/or future versions of the sample code. In no event should the code be used to support ultra-hazardous activities, including but not limited to life support or blasting activities. NEITHER CITRIX NOR ITS AFFILIATES OR AGENTS WILL BE LIABLE, UNDER BREACH OF CONTRACT OR ANY OTHER THEORY OF LIABILITY, FOR ANY DAMAGES RESULTING FROM THE USE OF THE SAMPLE CODE, INCLUDING DIRECT, SPECIAL, CONSEQUENTIAL OR OTHER DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Although the copyright in the code belongs to Citrix, any distribution of the code should include only your own standard copyright attribution, and not that of Citrix. You agree to indemnify and defend Citrix against any and all claims arising from your use, modification or distribution of the code.
