Duo Prompt and NetScaler nFactor Auth

Duo Security provides a rich identity management and authentication platform and it is commonly used to enable multi-factor authentication in enterprise networks. Duo is very flexible and has examples for integrating with NetScaler here – you will see that there are two different configuration examples: one for using the Duo auth proxy service to do AD authentication as well as additional factors, and a second for using the Duo service to do just MFA. Both of … Read more…

NetScaler nFactor Authentication

In case you hadn’t noticed, lots of web services have been changing how they do authentication lately…maybe you’ve heard of some of them: Google …or Microsoft What is really going on here? The forms are applying some intelligence based on who you are or what company you work for. For example, if you work for a company that uses federated authentication for Office 365, you will be redirected back to your company’s IdP. How does … Read more…

Enabling Horizon View PCoIP Connections via NetScaler

This post is probably not necessary because the configuration is pretty simple and easy to get it working – all you need are a NetScaler running 12.0 code or later, and a view connection server v7.0.1 or later. Currently, it is limited to proxying PCoIP traffic only. NetScaler Settings for PCoIP There are two parts to the configuration on the NetScaler: PCoIP VServer Profiles – located in NetScaler Gateway > Policies > PCoIP ; this is … Read more…

NetScaler SAML and Okta

These days, SAML authentication is mainstream and web services are expected to support it in some fashion or another; the SAML 2.0 standard is over 10 years old at this point! One of the key areas of focus for NetScaler is Authentication and Authorization and as such you would expect full support of SAML – and you’d be right. But if you’ve never worked with the SAML protocol, it can seem very daunting at first! … Read more…

Getting Started with NetScaler IP Reputation

Ever wish that you could just block all network traffic from known bad IP addresses? When you start to think about the logistics of this, it would be nice if you didn’t have to manage it either. If you have NetScaler Platinum, you’ve got both of your wishes – and as an added bonus, it’s free! That’s right, if you have a NetScaler Platinum appliance and you are running build 11.0 or later, you have an … Read more…

NetScaler Authentication Error – /cgi/selfauth

While I was rebuilding my lab, I ran into an issue when building out my demo Exchange OWA front-ended by NetScaler – the error was pretty generic, I would attempt to access the OWA page, was then prompted for authentication by the NetScaler AAA engine running as a part of Unified Gateway, then I was dumped to the following error page: Http/1.1 Service Unavailable – /cgi/selfauth/xxxxx This error page is being presented by the NetScaler, … Read more…

Citrix Secure Gateway is EOL…Now What?

Is Citrix Secure Gateway really End of Life? Not really…it’s tied to the lifecycle of the latest product that it was released with which would be XenApp 6.5 – which is incidentally the last product that it works with. Secure Gateway also does not work with any version of StoreFront, so you’re stuck with Web Interface. What does secure gateway do? It allows for an SSL connection to XenApp and XenDesktop resources to be proxied from … Read more…

Demo NetScaler Datastream with SQL AlwaysOn

Is your database application not performing as well as it should? Is your SQL Server running low on resources? Is your application not written to take advantage of SQL AlwaysOn Availability Groups or database sharding? If you answered yes to any of those questions, then NetScaler Datastream to the rescue! Or, maybe you are looking to demo NetScaler Datastream to get a better idea of what capabilities it has in your SQL environment. If that is … Read more…

Demo NetScaler App Firewall

Ever want to try out the feature of the NetScaler known as Application Firewall (AppFW)? Or maybe you need to demo NetScaler App Firewall for one of your customers, but are not sure of the best way to show it off? Well, that’s understandable because App Firewall is powerful and demoing it can be a bit tricky. In this post I’ll cover two of the biggest hurdles in showing off AppFW: Working knowledge of web exploits … Read more…

NetScaler Unified Gateway – Native Receiver

NetScaler unified gateway is one of the great new features in NS version 11. If you’ve worked with some of the more advanced features, then you may be familiar with one of the more common requests: Make a NetScaler Gateway (CAG) the target vServer of a content switching vServer. Fortunately, this is exactly what Unified Gateway does – essentially, Unified Gateway is a content switching vServer with one of the possible target vServers as a non-addressable … Read more…