[THIN] More question on CSG/WI/User Certs
- From: "Adam Granatela" <agranatella@xxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Thu, 20 Sep 2007 13:49:56 -0500
Ok, one more question on this. Environment: AD/resources on separate
boxes. We then have "silos" (and I use that term loosely since it's not a
standard Citrix silo), one for each company. In each silo is an app
database box, and a "Citrix" box which contains PS4 and WI (and possibly CSG
if possible/necessary). We're essentially hosting a turnkey solution for
multiple companies to purchase this application, almost like an app
provider, from our client who hosts everything in our data center. A bit
confusing since there's essentially 3 levels of confusion here. All end
user communication is done straight over the Internet.
What we want to do is have one box for Citrix and have it be the single
point of contact and communications. The app talks to the db server in the
background on its own. The client wants to use user certs as the only form
of 2-factor authentication. Their ideal setup is when the user opens the
web page, it prompts them for their user certificate, and after they choose
that, they are automatically signed into WI and see their apps, without
having to type username/password into the WI login screen.
We will be issuing user certs separately and not as a part of this Citrix
solution, so we can assume that 100% of the users who want to use this will
have a proper user cert on their machine prior to connecting.
Is this even possible? I've never worked with user certs before, so this is
new to me, but it doesn't seem like rocket science. Right now I can get the
user cert dialog to come up, user chooses their cert, then WI page comes up,
but the user has to log into WI. Pass-through authentication is looking to
pull a local computer username/password, and not from the user cert, so I'm
not sure if there's a way to do what I'm looking to do. At this time I do
not have CSG in place, as I understand that will only confuse things, since
both WI and CSG would be on the same box.
Any suggestions/ideas/info that may at least give me an answer on this?
Thanks,
Adam
Other related posts:
