Murty M
asked on
Can Azure Marketplace "Citrix NetScaler" authenticate with "On Prem AD" using a "Site 2 Site VPN" connection?
For how many seconds will the Azure "Citrix NetScaler" token be valid for authentication?
On the on-prem side, is ADFS required?
Please suggest.
For how many seconds will the Azure "Citrix NetScaler" token be valid for authentication?
"NetScaler will authenticate the user credentials (session ticket) against Active Directory, preferably using TCP port Nr. 636 (SSL) based upon the configured Authentication Policy."
Here the NetScaler doesn't get a ticket from AD (Kerberos, authentication cookie, or other).
It simply checks whether the user is allowed to log on and sends the credentials to StoreFront afterwards.
SF performs its own authentication with AD.
So you have to handle the NetScaler timeout and the SF timeout.
NetScaler Gateway has a session timeout, configured at the session profile/network settings ... it's for the web page only.
It's not configured by default. (I don't know if there is a default value.)
https://support.citrix.com/article/CTX215671
At SF you have the timeout settings within the "Receiver for Web" settings (default: 20 min).
SF forces de-authentication of the user at the NetScaler too.
And the last ... the session settings configured at the terminal server.
ASKER
Can Azure Marketplace "Citrix NetScaler" authenticate with "On Prem AD" using a "Site 2 Site VPN" connection?
With Azure MFA.
Answer: Using S2S VPN you can use all internal authentication methods like LDAP, RADIUS, ...
Is it a proven solution, i.e. has this kind of solution been implemented anywhere?
Please suggest.
ASKER
Hi all, has anyone tested or implemented the scenario below?
Azure Marketplace "Citrix NetScaler" authenticating with "On-Prem AD" using a "Site 2 Site VPN" connection?
Azure MFA for two-factor authentication, Citrix FAS for single sign-on.
ASKER
Got confirmation that authentication with "On-Prem AD" using "Site 2 Site VPN" connection or even "Express Route" is not recommended.
Any comments here?
ASKER
Finally, I have received an answer from MS and Citrix.
This scenario hasn't been tested, i.e. authentication with "On-Prem AD" using a "Site 2 Site VPN" connection or even "Express Route" is not tested.
ASKER
Thanks, Dirk, for your support on this question.
This scenario hasn't been tested, i.e. authentication with "On-Prem AD" using a "Site 2 Site VPN" connection or even "Express Route" is not tested.
ASKER
Which service do you wish to use? (WebApplicationDelivery, OWA, XenApp, VPN, ...) --- XenApp.
For how many seconds will the Azure "Citrix NetScaler" token be valid for authentication? ---
http://www.basvankaam.com/2016/12/19/demystifying-the-citrix-xenapp-logon-enumeration-and-launch-steps-new-details-included/
NetScaler will authenticate the user credentials (session ticket) against Active Directory, preferably using TCP port Nr. 636 (SSL) based upon the configured Authentication Policy.
In this blog, Bas van Kaam explained on-prem authentication. I am referring to this session ticket. How long is this ticket valid?
In S2S VPN, can it authenticate the session ticket within the valid period?
Please suggest.