Configure seamless single sign on with Citrix

Follow

Current flow:

Currently when you configure Single Sign on with Workspace 365 and Citrix via SAML, the first time you open an application, you are redirected to the Citrix Storefront page, if you open the application again, the application will open as expected.

Configure new flow:

To prevent the above from happening, Citrix Netscaler offers a new way of redirection which makes it possible to redirect the user back to the desired application after authentication. 

Be aware, this is only possible from Netscaler version 11.0 + 

Step one:

  • Configure a new Responder Policy on the Netscaler Gateway

  • Expression:
HTTP.REQ.URL.PATH_AND_QUERY.EQ("/Citrix/WEBURL/") && HTTP.REQ.HEADER("Referer").CONTAINS("/cgi/setclient?wica")
  • WEBURL = e.g "ndawWeb"

Step two:

  • Configure the Responder Action

  • Expression:
HTTP.REQ.COOKIE.VALUE("NSC_TASS")

Step three:

  • Bind the Responder policy to the Netscaler Gateway Virtual Server

When done, log in to the Workspace 365 environment, and check if it is working as expected. 

Download new Workspace365AppLauncher:

We've also updated our Workspace365AppLauncher, which can be downloaded here, with the possibility to set the Launcher preference on first run, so you'll see the option to select the desired app launcher:

Besides that, we've also created a new file called ChangeReceiver.html, this file makes it possible to change the receiver at all times:

You'll need to create a new shortcut in the Workspace 365 environment, with the URL which points to your Citrix store e.g. "https://netscaler.workspace365.me/Citrix/ndawWeb/ChangeReceiver.html"

Have more questions? Submit a request