This week I completed my first Citrix NetScaler project.
Two different Citrix Access Gateway portals, both with different logon authentication methods.
The first portal does Two-factor authentication (LDAP and RSA SecureId). RSA SecureID authentication is based on the build-in RSA Radius server, which runs on the local RSA Server.
The second portal does LDAP authentication and Private Client Certificates authentication. Any user who access the portal is automatically asked to select the right Client Certificate. The CN from the Client Certificate is automatically used as username on the Citrix Access Gateway portal. The user has no option to change the username.
If there are is no Client Certificate installed on the local computer, or the Client Certificate is not selected/accepted, than the portal page is not displayed.
The Client Certificates are issued from the Certificate Authority which is installed on a company’s Windows Server.
The Citrix Netscaler is also configured to do a daily check for the CRL (Certificate Revocation List) on the Certificate Authority, to see if there are any certificates that are revoked by the company.