> Citrix ADC & Citrix Gateway

Citrix ADC & Citrix Gateway

Citrix ADC (NetScaler ADC), Citrix Gateway (NetScaler Gateway), as well as Citrix Virtual Apps and Desktops (XenApp & XenDesktop) can be integrated with Protectimus Two-Factor Authentication System using the RADIUS protocol:
  1. Install and configure Protectimus RProxy.
  2. Get registered with Protectimus SAAS Service or On-Premise Platform and configure basic settings.
  3. Configure Citrix authentication policies.
Configuring authentication policies in Citrix allows the transmission of an authentication request over the RADIUS protocol to Protectimus RProxy. Having received the request, the Protectimus RProxy component, in its turn, contacts the Protectimus authentication server to verify the one-time password of the user and returns the answer to Citrix using RADIUS.

Below is an example of integration with Citrix Gateway (NetScaler Gateway).

1. Install and configure Protectimus RProxy

Detailed instructions for installing and configuring the Protestimus RProxy component are available here.

2. Get Registered and Configure Basic Settings

  1. Register with the Protectimus Cloud Service and activate API or the Protectimus On-Premise Platform.
  2. Add Resource.
  3. Add Users.
  4. Add Tokens or activate Users’ Self Service Portal.
  5. Assign Tokens to Users.
  6. Assign Tokens with Users to the Resource.

3. Configure Citrix Gateway authentication policies

1. Configure the LDAP policy

For the first factor, we’ll use the user’s Active Directory domain authentication. To do so, configure the LDAP policy:
  1. Navigate to Citrix Gateway → Policies → Authentication → LDAP
  2. Choose the Servers tab and add a new server
  3.  Configure the LDAP connection:
    • Specify the IP address of the Active Directory server and its port. By default, the port used is 389.
      PLEASE NOTE! To support the password-change function when first logging in and upon password expiry, use LDAPS on port 636. For this function to work correctly, you must also import an SSL certificate.
    • Specify the full path to the user directory:
      CN=Users,DC=protectimus,DC=office
    • Specify the full name of the domain administrator:
      CN=admin,CN=Users,DC=protectimus,DC=office
    • Click “BindDN Password” and input the administrator password for the domain. The rest can be left as it is.
Citrix Gateway two-factor authentication setup - step 1  
  1. Navigate to the Policies tab and add the created server.
  2. For Expression, input ns_true
Citrix Gateway two-factor authentication setup - step 2

2. Configure the second factor over the RADIUS protocol

  1. Navigate to Citrix Gateway → Policies → Authentication → RADIUS; choose the Servers tab.
Citrix Gateway two-factor authentication setup - step 3  
  1. Add the server
  2. Specify the Radius server settings for connecting to RProxy
  3. Specify the IP address of the computer running RProxy and the port, as set in the configuration file, rproxy.properties
  4. Specify the SecretKey, again as set in rproxy.properties
Citrix Gateway two-factor authentication setup - step 4  
  1. Navigate to the Policies tab and choose the created server. For Expression, input ns_true
Citrix Gateway two-factor authentication setup - step 5

3. Configure the virtual server

Policy and authentication factor setup is now complete; next, you must specify them on the virtual server.
  1. Navigate to Citrix Gateway→ Virtual Servers, and choose your server; in the Basic Authentication tab, click “+”
Citrix Gateway two-factor authentication setup - step 6  
  1. Choose Policy – LDAP Choose Type – Primary. Then click Continue.
Citrix Gateway two-factor authentication setup - step 7  
  1. Click Add Binding and select a policy using Select Policy. Select the LDAP policy.
Citrix Gateway two-factor authentication setup - step 8  
  1. Do the same for Radius.
Citrix Gateway two-factor authentication setup - step 9  
  1. Choose Policy – RADIUS ChooseType – Secondary, and repeat the steps as for the LDAP policy.
Integration is now complete. If you have other questions, contact Protectimus customer support service.
Last updated on 2022-02-01