Grodel asked:

iPhone Citrix Receiver with Citrix Access Gateway

Hello Experts,

I am running a setup with a Citrix Access Gateway and a Citrix 4.5 presentation server.
I want to connect to the Citrix server (apps) from our iPhones.

Steps I have done to accomplish this:
- I have loaded our certificate on the iPhone using the iPhone Configuration Utility.
- I have created a PNAgent site on the Citrix server
- I have tried to configure the actual Citrix Receiver client on the iPhone.

I can't connect!

Our Citrix setup is made so that I have to log in 2 times. First time I log into the Access Gateway. Then I am forwarded to the Citrix server, where I have to log in again to get my apps.

Any ideas what I still need to set up? Do I have to make changes on my Access Gateway?

Any help greatly appreciated

Thanks in advance
basraj

To configure Access Gateway Advanced Edition for Citrix Receiver for mobile devices


To configure the XenApp Services site

If you do not already have a XenApp Services site created, in the XenApp console or Web Interface console (depending on the version of XenApp you have installed), create a XenApp Services site for mobile devices.

The Receiver for mobile devices uses a XenApp Services site (formerly Program Neighborhood Agent site) to get information about the applications a user has rights to and presents them to the Receiver running on the device. This is similar to the way you use the Web Interface for traditional SSL-based XenApp connections for which an Access Gateway can be configured. XenApp Services sites running on the Web Interface 5.x have this configuration ability built in.

Configure the XenApp Services site for the Receiver for mobile devices to support connections from an Access Gateway connection.

- In the XenApp Services site, select Manage secure client access > Edit secure client access settings.
- Change the Access Method to Gateway Direct.
- Enter the FQDN of the Access Gateway appliance.
- Enter the Secure Ticket Authority (STA) information.

To configure the Access Gateway appliance

Configure the Access Gateway appliance to use the Access Gateway Advanced Edition.

- In the Administration Tool, click the Access Gateway Cluster tab and open the window for the appliance.
- On the Advanced Options tab, click Advanced Access Control.
- Continue by configuring the settings for the server running Advanced Access Control.

To configure the server running Advanced Access Control

On the server running Advanced Access Control, from your Logon Point, verify that the authentication method you prefer is set up and working. Active Directory authentication, SMS authentication (http://smspasscode.com) (iPhone only), and RSA SecurID are the three supported authentication methods for v1.x of the Receiver for mobile devices. In the Logon Point Properties dialog box, click Authentication, and select a supported authentication method for the mobile device:
- For single-factor authentication, select Active Directory, LDAP, or RADIUS (which can be used for RSA SecurID or Active Directory authentication).
- For double-source authentication, under Active Directory, select RSA SecurID, which can be used with either RADIUS or an sdconf.rec file to enable token authentication.
Test a connection from a user device to verify that the Access Gateway is configured correctly in terms of networking and certificate allocation.

On the server running Advanced Access Control, create and deploy a second Logon point (you can verify the existence of the logon point by using this address in the Web browser through the Access Gateway, such as https://FQDNofAccessGateway/CitrixLogonPoint/iPhone).
Citrix recommends using the device name as the name for this logon point because the Receiver uses this name as the default logon point for that type of device; otherwise, enter the full URL (such as https://FQDNofAccessGateway/CitrixLogonPoint/<2ndLogonPointName>/) in the Receiver settings.

Create a Web resource (MobileDevicePNA) for the XenApp Service site of the mobile device, created in Step 6.
On the Web Resource Properties page for URL Addresses, set the home page and display order for the device logon point:
- Ensure your XenApp Service sites are listed under URL, the Application Type is Web Application (not Web Interface), and the Authentication Type is No authentication.
- Select Publish for users in their list of resources and set Home page to your XenApp Services site URL. Example: http://webserver.domain.com/Citrix/PNAgent/Config.xml

Select the new Logon Point and set the following properties:
- On the Select Home Page tab, select the option to display the home page application and set the display order so that the Web resource home page for the mobile device has the highest priority.
- On the Authentication tab, select the method to authenticate users connecting to the Access Gateway using the Access Gateway plug-in.
- On the Session Settings tab, clear the check box for Time to prompt user before password expires.
- On the Visibility tab, select Allow external users access to this logon point.

For more information about creating policies for the Access Gateway and XenApp, see the Access Gateway documentation. Product documentation is available online in Citrix eDocs.

In the console under Policies, create a filter applied to this logon point. Right-click Filters, and select Create filter.
In Filter Properties, click the Logon Points tab.
In the Selected logon points list, add the Logon Point name for the mobile device.
Create a policy for this Logon Point, such as mobile-device-policy, and set the following Policy Properties:
- On the Resources tab, select the check boxes for Web Resources > MobileDevice and for Allow Logon.
- On the Settings tab, ensure that the value for Web Resources > Access and Network Resources > Access are set to Allow. This setting allows users to access the Web resource and allows the Logon to this logon point.
- On the Filter tab, select the mobile device filter to apply to the policy.

Note: If the server certificate used on the Access Gateway is part of a certificate chain (with an intermediate certificate), make sure that the intermediate certificates are also installed correctly on the Access Gateway. For information about installing certificates, see the Access Gateway documentation.

To configure the mobile device for the Receiver application

In Account Settings, in the Address field, enter the matching FQDN of your Access Gateway server:
- If you used iPhone as the Logon Point name, enter the FQDN of Access Gateway, such as: FQDNofAccessGateway
- If you used anything other than MobileDevice as the Logon Point name, enter the following path in the Address field: AGA-FQDN/CitrixLogonPoint/<secondLogonPointName>.

In the Citrix Access Gateway settings, turn on Access Gateway, set the Gateway Type to Advanced edition, and select the authentication method.
The above settings are quite similar to CPS4.5
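
The note in the answer above about intermediate certificates can be reproduced in a lab. This is an added example, not part of the original answer or of Citrix's documentation; it assumes the openssl CLI is installed, and every name in it (demo-root, demo-intermediate, gateway.example.test, lab.cnf) is constructed.

```bash
#!/usr/bin/env bash
# Constructed lab: root CA -> intermediate CA -> gateway certificate.
# Every name here (demo-root, demo-intermediate, gateway.example.test, lab.cnf) is made up.

# new_cert NAME SECTION SERIAL [ISSUER]: EC key plus certificate, self-signed when ISSUER is empty.
new_cert() {
  local name="$1" section="$2" serial="$3" issuer="${4:-}"
  openssl ecparam -name prime256v1 -genkey -noout -out "$name.key" || return 1
  openssl req -config lab.cnf -new -key "$name.key" -subj "/CN=$name" -out "$name.csr" || return 1
  if [ -z "$issuer" ]; then
    openssl x509 -req -in "$name.csr" -signkey "$name.key" -set_serial "$serial" \
      -days 2 -extfile lab.cnf -extensions "$section" -out "$name.pem"
  else
    openssl x509 -req -in "$name.csr" -CA "$issuer.pem" -CAkey "$issuer.key" \
      -set_serial "$serial" -days 2 -extfile lab.cnf -extensions "$section" -out "$name.pem"
  fi
}

# chain_check DIR: builds the chain in DIR, then prints two words: the result for a client
# that trusts only the root when the server sends (1) its own certificate alone and
# (2) its certificate together with the intermediate.
chain_check() {
  ( cd "$1" || exit 1
    printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' '[dn]' 'CN=placeholder' \
      '[ca]' 'basicConstraints=critical,CA:TRUE' \
      '[server]' 'basicConstraints=CA:FALSE' > lab.cnf
    { new_cert demo-root ca 1 &&
      new_cert demo-intermediate ca 2 demo-root &&
      new_cert gateway.example.test server 3 demo-intermediate; } >/dev/null 2>&1 || exit 1

    if openssl verify -CAfile demo-root.pem gateway.example.test.pem >/dev/null 2>&1; then
      alone=ok; else alone=fail; fi
    if openssl verify -CAfile demo-root.pem -untrusted demo-intermediate.pem \
        gateway.example.test.pem >/dev/null 2>&1; then
      chained=ok; else chained=fail; fi
    echo "$alone $chained" )
}

chain_check "$(mktemp -d)"   # prints: fail ok
```

Against a live gateway, `openssl s_client -connect <gateway-fqdn>:443 -showcerts` lists the certificates the appliance actually sends, which is where a missing intermediate shows up.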
Grodel (ASKER)

Hello and thank you for your reply.

I am not sure what to put in: "Server running Advanced Access Control"
As mentioned, I am using 2 logins to get into my Citrix apps.
First I have created some users directly on the Access Gateway and next I log in using my AD user.

This is how the setting is now: pic: cag1.jpg

This is where I don't know what to put in: cag2.jpg
cag1.JPG
Grodel (ASKER)

This is where I don't know what to put in: cag2.jpg
cag2.JPG
Grodel (ASKER)

This is my Citrix 4.5 setup:

ps45.JPG
The name of the device which is having the advanced access control
Grodel (ASKER)

Yes.... but to my knowledge I don't have a device that is running advanced access control.
Can you point me to any solutions I can use for this?
ASKER CERTIFIED SOLUTION
basraj