Citrix Access Gateway Implementation Guide Copyright Copyright 2006, CRYPTOCard Corp. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of CRYPTOCard Corp.
Citrix Access Gateway Overview 1. User browses to the Citrix Access Gateway, which presents them with a logon screen. User enters username and CRYPTOCard PIN + One-time password. 2. The Citrix Access Gateway sends the authentication request via RADIUS it to the CRYPTO-MAS Server for validation. 3. The CRYPTO-MAS Server verifies the username and PIN + One-time password. CRYPTO-MAS Server sends back an Access-Accept/Deny. 4. Upon the Citrix Access Gateway receiving an Access-Accept, the Citrix Access Gateway allows the user to logon and the user is presented with their applications. Citrix Access Gateway Implementation Guide 1
Prerequisites The following systems must be installed and operational prior to configuring Citrix Access Gateway to use CRYPTOCard authentication: Ensure that the end user can authenticate through Citrix Access Gateway with a static password before configuring it to use CRYPTOCard authentication. An initialized CRYPTOCard token assigned to a valid CRYPTOCard user. The following CRYPTO-MAS server information is also required: Primary CRYPTO-MAS RADIUS Server Fully Qualified Hostname or IP Address: Secondary CRYPTO-MAS RADIUS Server Fully Qualified Hostname or IP Address (OPTIONAL): CRYPTO-MAS RADIUS Authentication port number: CRYPTO-MAS RADIUS Accounting port number (OPTIONAL): CRYPTO-MAS RADIUS Shared Secret: Citrix Access Gateway Implementation Guide 2
Citrix Access Gateway Configuration In order for Citrix Access Gateway to authenticate CRYPTOCard token users, RADIUS authentication must be configured. Citrix Access Gateway without AAC 1. Open the Citrix Access Gateway Administration Tool. 2. Click on Authentication Tab. 3. Click on next Authentication Tab. Select Default or create a new realm. 4. Configure Radius Parameters. Citrix Access Gateway Implementation Guide 3
Turning on AAC for Citrix Access Gateway 1. Open the Citrix Access Gateway Administration Tool. 2. Click on Access Gateway Cluster. 3. Click on Advanced Options, select Advanced Access Control. Enter the IP Address or Hostname of the server running Advanced Access Control. 4. Open the Citrix Access Suite Console. 5. Select your farm (in the case below it s called root ) and Select Edit Farm Properties. Citrix Access Gateway Implementation Guide 4
6. Within the Edit Farm Properties select New. 7. In this example, we would click Edit. 8. Enter your Radius Configuration. Citrix Access Gateway Implementation Guide 5
9. Now select Configure Authorization and select the following information Citrix Access Gateway Implementation Guide 6
Now return back to the main window of the Citrix Access Suite, Locate your Logon Point and define a default Logon Point. Edit the Logon Point Citrix Access Gateway Implementation Guide 7
And Authorization is as follows Citrix Access Gateway Implementation Guide 8
Solution Overview Summary Product Name Vendor Site Supported Client Software Authentication Method Citrix Access Gateway http://www.citrix.com Internet Explorer 6 or higher Mozilla Firefox 1.5 or higher RADIUS Authentication Support RADIUS Functionality for Citrix Access Gateway RADIUS Authentication Encryption Authentication Method New PIN Mode PAP One-time password Static Password User changeable Alphanumeric 4-8 digit PIN User changeable Numeric 4-8 digit PIN Server changeable Alphanumeric 4-8 digit PIN Server changeable Numeric 4-8 digit PIN Trademarks CRYPTOCard, CRYPTO-Server, CRYPTO-Web, CRYPTO-Kit, CRYPTO-Logon, CRYPTO-VPN, CRYPTO-MAS are either registered trademarks or trademarks of CRYPTOCard Corp. Microsoft Windows and Windows XP/2000/2003/NT are registered trademarks of Microsoft Corporation. All other trademarks, trade names, service marks, service names, product names, and images mentioned and/or used herein belong to their respective owners. Publication History Date October 27, 2006 November 8, 2006 November 29, 2006 Changes Initial Draft Global Edit Minor Revision Citrix Access Gateway Implementation Guide 9