Citrix Systems, Inc. Web Interface

Similar documents
VMware Identity Manager vidm 2.7

RSA Ready Implementation Guide for. GlobalSCAPE EFT Server 7.3

SSH Communications Tectia 6.4.5

Vanguard Integrity Professionals ez/token

RSA Ready Implementation Guide for

Cisco Systems, Inc. Aironet Access Point

Attachmate Reflection for Secure IT 8.2 Server for Windows

Barracuda Networks SSL VPN

Infosys Limited Finacle e-banking

Caradigm Single Sign-On and Context Management RSA Ready Implementation Guide for. Caradigm Single Sign-On and Context Management 6.2.

Avocent DSView 4.5. RSA SecurID Ready Implementation Guide. Partner Information. Last Modified: June 9, Product Information Partner Name

Cyber Ark Software Ltd Sensitive Information Management Suite

Barracuda Networks NG Firewall 7.0.0

Cisco Systems, Inc. Wireless LAN Controller

Cisco Systems, Inc. Catalyst Switches

<Partner Name> RSA SECURID ACCESS Standard Agent Implementation Guide. WALLIX WAB Suite 5.0. <Partner Product>

HOB HOB RD VPN. RSA SecurID Ready Implementation Guide. Partner Information. Product Information Partner Name. Last Modified: March 3, 2014 HOB

Rocket Software Strong Authentication Expert

Dell SonicWALL NSA 3600 vpn v

Security Access Manager 7.0

RSA SecurID Ready Implementation Guide. Last Modified: March 27, Cisco Systems, Inc.

Microsoft Forefront UAG 2010 SP1 DirectAccess

<Partner Name> RSA SECURID ACCESS. VMware Horizon View Client 6.2. Standard Agent Implementation Guide. <Partner Product>

RSA Ready Implementation Guide for. VMware vsphere Management Assistant 6.0

RSA SecurID Ready Implementation Guide. Last Modified: December 13, 2013

Cisco Systems, Inc. IOS Router

RSA SecurID Ready Implementation Guide. Last Modified: November 19, 2009

Apple Computer, Inc. ios

RSA SecurID Implementation

Pulse Secure Policy Secure

Microsoft Unified Access Gateway 2010

RSA SecurID Ready Implementation Guide

Open System Consultants Radiator RADIUS Server

RSA Ready Implementation Guide for. Checkpoint Mobile VPN for ios v1.458

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. PingIdentity PingFederate 8

SecureW2 Enterprise Client

RSA Ready Implementation Guide for. HelpSystems Safestone DetectIT Security Manager

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Pulse Connect Secure 8.x

RSA SECURID ACCESS PAM Agent Implementation Guide

<Partner Name> <Partner Product> RSA SECURID ACCESS. VMware Horizon View 7.2 Clients. Standard Agent Client Implementation Guide

<Partner Name> <Partner Product> RSA SECURID ACCESS. Pulse Secure Connect Secure 8.3. Standard Agent Client Implementation Guide

Barron McCann Technology X-Kryptor

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Cisco Adaptive Security Appliance 9.5(2)

<Partner Name> <Partner Product> RSA SECURID ACCESS. NetMove SaAT Secure Starter. Standard Agent Client Implementation Guide

RSA SecurID Ready Implementation Guide

RSA SecurID Ready Implementation Guide

RSA Ready Implementation Guide for

Fischer International Identity Fischer Identity Suite 4.2

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. Citrix NetScaler Gateway 12.0

<Partner Name> <Partner Product> RSA SECURID ACCESS Implementation Guide. CyberArk Enterprise Password Vault

How to Configure the RSA Authentication Manager

RSA Ready Implementation Guide for

TalariaX sendquick Alert Plus

How to Integrate RSA SecurID with the Barracuda Web Application Firewall

Hitachi ID Systems Inc Identity Manager 8.2.6

RSA SecurID Ready with Wireless LAN Controllers and Cisco Secure ACS Configuration Example

How to RSA SecureID with Clustered NATIVE

RSA Exam 050-v71-CASECURID02 RSA SecurID Certified Administrator 7.1 Exam Version: 6.0 [ Total Questions: 140 ]

SailPoint IdentityIQ 6.4

Authentify SMS Gateway

RSA Ready Implementation Guide for

QUESTION: 1 An RSA SecurID tokencode is unique for each successful authentication because

Technical Note: RSA SecurID /SA Integration

050-v71x-CSESECURID RSA. RSA SecurID Certified Systems Engineer 7.1x

AT&T Global Smart Messaging Suite

Advantage Cloud Two-Factor Security Process

Remote Access User Guide for Mac OS (Citrix Instructions)

Security Cooperation Information Portal

McAfee Endpoint Encryption

BMC Software BMC Provisioning Module for RSA Authentication Manager

Receiver for BlackBerry 2.2

RSA Authentication Manager 8.2

RSA Two Factor Authentication. Feature Description

SOFTEL Communications Password Reset and Identity Management Suite

<Partner Name> <Partner Product> RSA SECURID ACCESS Authenticator Implementation Guide. Intel Security Drive Encryption 7.1.3

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

Integration Guide. LoginTC

> Nortel Switched Firewall (NSF) SecurID Configuration Guide

Intel Security/McAfee Endpoint Encryption

<Partner Name> <Partner Product> RSA SECURID ACCESS Authenticator Implementation Guide. Check Point SmartEndpoint Security

Authentication. August 17, 2018 Version 9.4. For the most recent version of this document, visit our documentation website.

Pass4sure CASECURID01.70 Questions

Secured by RSA Implementation Guide for Software Token Authenticators

Vendor: RSA. Exam Code: CASECURID01. Exam Name: RSA SecurID Certified Administrator 8.0 Exam. Version: Demo

Establishing two-factor authentication with Juniper SSL VPN and HOTPin authentication server from Celestix Networks

Authentication Guide

Integration Guide. SafeNet Authentication Service. Strong Authentication for Citrix Web Interface 4.6

Deploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2

Remote Access. Application Viewer User Guide

Citrix XenApp. RSA Secured Implementation Guide for RSA DLP Endpoint VDI. Partner Information. Last Modified: March 28 th, 2014

MyFloridaNet-2 (MFN-2) Customer Portal/ Password Management/ VPN Reference Guide

RSA Authentication Manager 7.1 Migration Guide

Instructions for Application Access via SecureCitrix

<Partner Name> RSA SECURID ACCESS Authenticator Implementation Guide. Intel Authenticate & Intel IPT based Token Provider for RSA SecurID

Deploying VMware Identity Manager in the DMZ. SEPT 2018 VMware Identity Manager 3.3

Xceedium Xsuite. Secured by RSA Implementation Guide for 3rd Party PKI Applications. Partner Information. Last Modified: February 10 th, 2014

Integration Guide. SafeNet Authentication Service (SAS)

MyFloridaNet-2 (MFN-2) Customer Portal/Password Management Reference Guide

RSA ACE/Agent 5.0 for PAM Installation and Configuration Guide

RSA Authentication Manager 7.1 Administrator s Guide

Transcription:

Citrix Systems, Inc. Web Interface RSA SecurID Ready Implementation Guide Last Modified: September 20, 2010 Partner Information Product Information Partner Name Web Site Product Name Version & Platform Product Description Citrix Systems, Inc. www.citrix.com Web Interface 5.3 for Windows Server 2008 R2 Citrix Web Interface provides users with access to Citrix XenApp or XenDesktop Server applications and content through a standard Web browser or through the Program Neighborhood Agent, and allows you to configure sites for Citrix Conferencing Manager Guest Attendee log in. The Web Interface employs Java and.net technology executed on a Web server to dynamically create an HTML depiction of server farms for Citrix XenApp or XenDesktop sites. Users are presented with all the applications published in the server farm(s) you have made available. You can create standalone Web sites for application access or Web sites that can be integrated into your corporate portal.

Solution Summary RSA SecurID two-factor authentication enhances security for Citrix solutions by creating an end-to-end trusted and secured solution for an enterprise. Previously, this solution required users to enter their username, RSA SecurID PASSCODE, Windows password, and Windows Domain. With the Citrix Web Interface 5.3, the usability of this solution has been greatly improved in that now remote users can access their applications by logging into Web Interface with a username and PASSCODE only. RSA SecurID supported features Citrix Web Interface 5.3 RSA SecurID Authentication via Native RSA SecurID Protocol RSA SecurID Authentication via RADIUS Protocol On-Demand Authentication via Native SecurID Protocol On-Demand Authentication via RADIUS Protocol On-Demand Authentication via API RSA Authentication Manager Replica Support Secondary RADIUS Server Support RSA SecurID Software Token Automation RSA SecurID SD800 Token Automation RSA SecurID Protection of Administrative Interface Yes Yes Yes Web Interface Authentication Manager 2

Authentication Agent Configuration Authentication Agents are records in the RSA Authentication Manager database that contain information about the systems for which RSA SecurID authentication is provided. All RSA SecurID-enabled systems require corresponding Authentication Agents. Authentication Agents are managed using the RSA Security Console. The following information is required to create an Authentication Agent: Hostname IP Addresses for network interfaces Set the Agent Type to Standard Agent when adding the Authentication Agent. This setting is used by the RSA Authentication Manager to determine how communication with Citrix Web Interface will occur. te: Hostnames within the RSA Authentication Manager / RSA SecurID Appliance must resolve to valid IP addresses on the local network. Please refer to the appropriate RSA documentation for additional information about creating, modifying and managing Authentication Agents. RSA SecurID files RSA SecurID Authentication Files Files sdconf.rec de Secret sdstatus.12 sdopts.rec Location %windir%\system32 %windir%\system32 %windir%\system32 not implemented te: The appendix of this document contains more detailed information regarding these files. 3

Partner Product Configuration Before You Begin This section provides instructions for configuring the Citrix Web Interface with RSA SecurID Authentication. This document is not intended to suggest optimum installations or configurations. It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products in order to install the required components. All Citrix Web Interface components must be installed and working prior to the integration. Perform the necessary tests to confirm that this is true before proceeding. RSA SecurID Agent Configuration To begin, install the RSA Authentication Agent 7.x, this must be installed before Citrix Web Interface. During the installation, select a custom installation and make sure that only the Local Authentication Client (LAC) component is checked. Important: You must install the RSA Authentication Manager Agent before installing Citrix Web Interface. Once the agent has been installed successfully, open the agent configuration utility from the control panel. Before enabling the agent, ensure that users can successfully authenticate by using the Direct Authentication Test feature within the RSA Security Center applet: 4

Once a successful test authentication has been made, copy the sdconf.rec, securid, and sdstatus.12 files from the RSA Auth Data folder to the %windir%\system32 directory. The Default RSA Auth Data folder is: C:\Program Files\Common Files\RSA Shared\Auth Data. Next, add the RSA Shared directory to the Path Environment Variable. The default RSA Shared directory is: C:\Program Files\Common Files\RSA Shared. te: If you are unable to log on to the Web Interface using RSA Windows Agent 7.x, additional configuration may be necessary. Please refer to Citrix Document ID: CTX125097. Configuring Citrix Web Interface for RSA SecurID Authentication Run the standard installation for Web Interface. Next, use the Citrix Access Management Console to configure the Web Interface site to use RSA SecurID authentication. Perform the following steps: Important: You must install the RSA Authentication Agent before installing Citrix Web Interface 1. From the Web Interface configuration settings, select Configure Authentication Methods. 5

2. Under Available methods, check Explicit, click Properties. 3. Under the Explicit heading, highlight Two-factor Authentication. 4. Select the Send domain and user name to the ACE/Server box if you have user accounts in different Domains and need to pass your usernames to the Authentication Manager server in the DOMAIN\USERNAME format. 5. If you select the Use Windows password integration box, the Citrix Web Interface server will only prompt for a username and PASSCODE after the first successful authentication. If the user s Domain password is available from the RSA Authentication Manager, then it will be retrieved by the Web Interface server. If the password is not available or is invalid, the Web Interface server will prompt to store the password on behalf of the user to allow for future logins with just a PASSCODE. te: If you are unable to log on to the Web Interface using RSA Windows Agent 7.x, additional configuration may be necessary. Please refer to Citrix Document ID: CTX125097. 6

RSA SecurID Login Screens Login screen: User-generated New PIN: 7

System-generated New PIN: Next Tokencode: 8

Certification Checklist for RSA Authentication Manager Date Tested: September 17, 2010 Certification Environment Product Name Version Information Operating System RSA Authentication Manager 7.1 SP3 Windows Server 2003 RSA Authentication Agent 7.0.2 Windows Server 2008 R2 Citrix Web Interface 5.3.0.34 Windows Server 2008 R2 Mandatory Functionality RSA Native Protocol RADIUS Protocol New PIN Mode Force Authentication After New PIN Force Authentication After New PIN N/A System Generated PIN System Generated PIN N/A User Defined (4-8 Alphanumeric) User Defined (4-8 Alphanumeric) N/A User Defined (5-7 Numeric) User Defined (5-7 Numeric) N/A Deny 4 and 8 Digit PIN Deny 4 and 8 Digit PIN N/A Deny Alphanumeric PIN Deny Alphanumeric PIN N/A Deny Numeric PIN Deny Numeric PIN N/A Deny PIN Reuse Deny PIN Reuse N/A Passcode 16 Digit Passcode 16 Digit Passcode N/A 4 Digit Fixed Passcode 4 Digit Fixed Passcode N/A Next Tokencode Mode Next Tokencode Mode Next Tokencode Mode N/A On-Demand Authentication On-Demand Authentication On-Demand Authentication N/A On-Demand New PIN On-Demand New PIN N/A Load Balancing / Reliability Testing Failover (3-10 Replicas) Failover N/A RSA Authentication Manager RSA Authentication Manager N/A PEW = Pass = Fail N/A = t Applicable to Integration 9

Appendix Partner Integration Details RSA SecurID API 7.0 RSA Authentication Agent Type Standard Agent RSA SecurID User Specification Designated Users Display RSA Server Info Perform Test Authentication Agent Tracing Yes de Secret: de secret is stored as a file (securid) in the RSA Auth Data folder, and then must be manually copied to the %windir%\system32 folder. To remove the node secret, it must be deleted from both locations. sdconf.rec: This file is copied by the RSA Agent installer to the RSA Auth Data folder. It must be copied manually to the %windir%\system32 folder. sdstatus.12: This file is generated at the time of first authentication. It must be copied manually to the %windir%\system32 folder. Agent Tracing: Agent tracing can be enabled and configured by either the RSA Security Center or by creating the necessary entries in the Windows System Registry. 10

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback