Active Directory & Citrix XenApp

Hello we have an IIS hosted website, binded to Citrix XenApp Store Front.  We have an AD server, Web Server, Citrix Server.
Currently in order to access site users need a CAC/PKI once this have authenticated they must enter a username & password to get into store front to see their application(s).  What we would like to do is get rid of the username & password, have just CAC/PKI authentication.
ManieyaK_Citrix Systems / Network AdminAsked:
Who is Participating?
 
Tom CieslikIT EngineerCommented:
Certificate-based authentication from registered devices provides the perfect model to address this challenge as well as to eliminate the use of passwords to core enterprise services.

Automating Certificate Management (Issuance, Renewal and Revocation)
Setting up certificate based authentication doesn’t have to be difficult, in fact it can be extremely simple once setup for automation. Microsoft provides a Certificate Authority (CA) as part of the Active Directory set of services, you just have to configure and turn on the service. The first CA that you configure will be your Enterprise Root CA and it needs to be configured to publish the public keys and certificates to Active Directory so that other applications and services can lookup and retrieve them.

Once the CA has been setup, you will need to configure certificate templates to be used for the auto-issuance of Certificates for both user certificates and computer certificates. A certificate can be used to identify either the user or the computer depending on how the certificate is to be used, for example you may use a computer certificate to authenticate a device to the network, but then use a user certificate to identify the user to a VPN or EAS Server. The certificate template must be configured for the identity data that is needed by the services that will use the certificate.

The final step is to configure the computers joined to AD to automatically request a certificate or certificate renewal through Group Policy settings. Microsoft provides the configuration required for Windows computers while Centrify provides full support for Mac (http://www.centrify.com/mac/active-directory-authentication-for-mac-os-x.asp) and Linux (http://www.centrify.com/standard-edition/grouppolicy.asp) as well as iOS and Android mobile devices (http://www.centrify.com/mobile/mobile-security-management.asp).

For step by step instructions, follow this quick how to guide to setup certificate auto-enrollment http://community.centrify.com/t5/Express-for-Mobile-Tips-and/Enabling-PKI-Enrollment-for-mobile-devices-with-Centrify-User/ba-p/16968

Source
https://blog.centrify.com/solving-account-lockout-by-eliminating-use-of-passwords-by-using-certificates/
2
 
ManieyaK_Citrix Systems / Network AdminAuthor Commented:
Thank You.
0
 
Tom CieslikIT EngineerCommented:
You are very welcome :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.