Citrix Access Gateway and Safeword

Posted on 2009-04-29
Last Modified: 2012-06-21
We are using Web Interface 5. I have it working with Safeword tokens and authenticating internally to our network. We installed a Citrix Access Gateway, Standard Edition. When users access the Web Interface, they have to enter their ID and password on the first screen, then they get the Web Interface login screen and have to enter their ID and password along with the token passcode. I'd like to eliminate the first step. I want users to just enter their ID, password and passcode once. I have tried to set up a realm with two-source authentication, but no luck. Anyone get this working?
Question by: GordJones

    Expert Comment

    You can disable the CAG portal logon and redirect straight to the Web Interface where they will only need to enter logon details once. Do the following:
    1. On the Access Policy Manager tab, under User Groups, right-click a group (or just the default group) and click Properties.
    2. On the Gateway Portal tab, click Redirect to Web Interface.
    3. In Path, type the path of the server that is hosting the Web Interface.
    4. In Web Server, type the IP address or FQDN of the server that is hosting the Web Interface.
    5. To secure the connection, click Use a secure connection. Click OK.

    You'll then need to disable the portal logon:
    1. Click the Global Cluster Policies tab.
    2. Under Advanced Options, clear Enable logon page authentication.
    3. Click Submit.

    I've pulled this out of the CAG user guide as I can't currently access my CAG to get the details and I can't remember off the top of my head. If this is wrong or you can't find it, let me know and I'll try to get on my CAG later today to verify exactly where the settings are. I suspect you already have the WI redirection so it's just the disabling of the CAG portal that needs to be done.

    Author Comment

    Thanks for the feedback. I did have the path set correctly for the Web Interface. I unchecked the Enable logon page authentication, but no luck. How do you have your realm set up? I've read some different options, like having a 2-source realm. Right now, I have 1 realm authenticating with LDAP.

    Expert Comment

    Ahh, change your single (default) realm so there is No Authentication. That will allow the redirect to the WI without first asking users for logon credentials.

    The only other thing you could do is configure passthru authentication for the WI. See the following document:

    You may need to configure dual source authentication on the CAG so that LDAP and Safeword authentication can be used.

    Author Comment

    Took a look at the document in the link. Set everything up okay. But the authorization is still not working on the CAG. I can get it to work if I have the authentication happening from the WI, but I want to have the CAG authenticate. Maybe it's not possible? I have set a 2-source realm, first being LDAP, second Safeword, but no luck.

    Accepted Solution

    There's a java script you have to apply onto your WI server.

    Just follow the directions. It worked for me - had EXACTLY the same problem.

