We are using Citrix XenApp 6.0 and Citrix Netscaler 10.5. We just recently updated to Netscaler 10.5 from Netscaler 10.1.
When we were using Netscaler 10.1 our users only needed to logon 1 time from the Citrix Web portal. Now with Citrix Netscaler 10.5, our users still must oipen the same web page (https://portal.company.net
) ; but, they are re-directed to a Citrix Netscaler VPN page and then after they logon successfully, the user is redirected to a Citrix XenApp page. Then the user must enter the exact same user id as from the 1st page. Our users are finding these 2 web page prompts to be redundant and a waste of their time. I must admit that I agree with the users.
When we were using Netscaler 10.1, our users opened the same web page (https://portal.company.net
) ; but, they were then re-directed to a XenApp-Remote web logon page immidiately. Then the user just entered their company username/password from that 1st page and then they were able to access the company applications.
The Citrix expert that I worked with told me that there are 8 years of code updates between 10.1 and 10.5 and that the extra logon web page is put in by design. It is intended to add an extra layer of authentication and there is nothing that we can do about it.
1. The 2 web logon pages look almost exactly the same(close enough).
a. If one notices the actual web address, the web logon pages are actually different.
2. Both of the web logon pages require the company username and password to authenticate in.
a. So one is entering in their username/password 2 times.
3. After you enter your username/password on the first page then one is re-directed to the 2nd page.
a. It looks as if the original page just refreshed itself and you just need to enter your username and password again because it did not take the first time.
b. After one enters their username/password, on the 2nd page, then the one is able to access the company applications.
c. And one cannot just copy the web address for the 2nd page and try to cheat the system, that will not work.
My questions are:
1. Are 2 web logon portal pages put in by design on Citrix Netscaler 10.5?
2. Is there any way to only use 1 logon web page for authentication with Netscaler 10.5?
a. If yes, then what are we risking?
3. I guess I am questioning the architecture or design of this security measure and the software work-flow.
4. For what it is worth, we are planning on building a new Citrix Farm next week (XenApp 6.5). Could anything be done to make a single sign on for Netscaler 10.5 if it is working with Citrix 6.5?