WTOS 9 and SAML/Azure MFA

  • #52906
    arbleb

    Good morning Monkeys!

    Piloting WTOS 9 remotely from home and attempting to get it to authenticate with a Netscaler Gateway setup with SAML/Azure MFA.

    I plug the URL into the Broker section of policy and that seems to come down correctly – however – when booting up the thin device, I’m being challenged with username/password/domain and I can’t seem to bypass (at this stage, our domain isn’t available to authenticate).

    I think I’m missing something fundamental.  My goal is to have the thin device hit our Gateway which does a redirect to SAML for the user to authenticate, and then return to our Storefront via that Gateway (where the user could now provide domain credentials).

    I’ve pored through the policies, admin guide and these forums and see no mention of this setup, thus I think I’m heading the wrong direction.

    Any advice/input/wisdom to share?

    #52927
    ConfGen

    You are using the Netscaler URL as your broker, correct?
    Have you configured the policy to use LDAP or anything else for authentication?

    CG

    #53034
    arbleb

    Good morning!

    Correct – using the Netscaler URL as my broker.

    I’ve tried every option for authentication (Default, LDAP and LDAP+RSA) and it continues to prompt me for a domain username/password when I power up the thin device.  It appears to be getting the correct policy from WMS.

    If I enter in my e-mail address/password, it prompts me for a “token code” – but our SAML based Netscaler URL doesn’t use token codes.

    I feel like I need to bypass that initial authentication because our Netscaler Gateway doesn’t use LDAP or RSA – which leads me down the path that I’m missing something fundamental.

    #53071
    brian1020

    For your Citrix broker server are you doing the URL to the store?  For example I have https://company.name.com/Citrix/NSWEBFAS as my broker.

    Citrix Workspace mode turned on

    NetScaler/ADC authentication method is Default

    I have no issues with Microsoft 2FA SAML auth that way.
