Introduction
Currently, when a user opens an application for the first time from their workspace, that user will be redirected to the Citrix Storefront and is required to sign in. After authentication, the user can open an application from the Citrix Storefront.
However, we recommend to configure Single Sign-On (SSO) with Workspace 365 and Citrix via SAML. Citrix Netscaler (version 11.0+) offers a way of redirection via a Responder Policy, which makes it possible to redirect the user directly from the Citrix Storefront to the application from their workspace via the Citrix App Launcher. In this article, we'll walk you through the configuration steps.
Note: Users will see a white screen when the redirect policy is enabled when they access the Citrix Storefront directly.
In summary, users can log into the Citrix Storefront (so without SSO) and open an application from there. Or you can configure the Responder Policy to enable SSO and redirect the user directly to the application, as described in this article.
Configuration
Step 1. Configure Citrix Federated Authentication Service
More information on how to configure Citrix Federated Authentication Service:
โhttp://www.carlstalhood.com/citrix-federated-authentication-service-saml/
Step 2. Install the Citrix app Launcher and HTLM 5 SDK
For the download files and instructions, visit our downloads page. We recommend to download the most recent version (currently version 3.0).
Step 3. Configure Responder Policy
Configure a new Responder Policy on the Netscaler Gateway
Expression:
HTTP.REQ.URL.PATH_AND_QUERY.EQ("/Citrix/WEBURL/") && HTTP.REQ.HEADER("Referer").CONTAINS("/cgi/setclient?wica")WEBURL = e.g "ndawWeb"
Step 4. Configure Responder Action
Configure the Responder Action
Expression:
HTTP.REQ.COOKIE.VALUE("NSC_TASS")Step 5. Bind Responder policy
Bind the Responder policy to the Netscaler Gateway Virtual Server
Proceed to step 3