[THIN] Re: More question on CSG/WI/User Certs

  • From: "Steve Greenberg" <steveg@xxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Thu, 20 Sep 2007 12:47:57 -0700

I think you can do this by creating a secure HTTPS site in IIS and requiring
the private cert you are generating. I don't know how single sign-on is
impacted in that case. Are you using the same domain/username/password on
the remote computer and Citrix server?

 

 

Steve Greenberg

Thin Client Computing

34522 N. Scottsdale Rd D8453

Scottsdale, AZ 85262

(602) 432-8649

www.thinclient.net

steveg@xxxxxxxxxxxxxx

 

  _____  

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Adam Granatela
Sent: Thursday, September 20, 2007 12:01 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: More question on CSG/WI/User Certs

 

Nope, Internet --> firewall --> server.  Not 100% ideal, which is where the
idea of CSG came from, but at least if we have port 80 shut off and only
allow 443 and 1494 in, it will be more secure than having the whole thing
open.

 

On 9/20/07, Steve Greenberg <steveg@xxxxxxxxxxxxxx> wrote: 

What is your external access point? i.e. are you using a Citrix Access
Gateway?

 

 


 

  _____  

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Adam Granatela
Sent: Thursday, September 20, 2007 11:50 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] More question on CSG/WI/User Certs

 

Ok, one more question on this.  Environment: AD/resources on separate boxes.
We then have "silos" (and I use that term loosely since it's not a standard
Citrix silo), one for each company.  In each silo is an app database box,
and a "Citrix" box which contains PS4 and WI (and possibly CSG if
possible/necessary).  We're essentially hosting a turnkey solution for
multiple companies to purchase this application, almost like an app
provider, from our client who hosts everything in our data center.  A bit
confusing since there's essentially 3 levels of confusion here.  All end
user communication is done straight over the Internet. 

 

What we want to do is have one box for Citrix and have it be the single
point of contact and communications.  The app talks to the db server in the
background on its own.  The client wants to use user certs as the only form
of 2-factor authentication.  Their ideal setup is when the user opens the
web page, it prompts them for their user certificate, and after they choose
that, they are automatically signed into WI and see their apps, without
having to type username/password into the WI login screen. 

 

We will be issuing user certs separately and not as a part of this Citrix
solution, so we can assume that 100% of the users who want to use this will
have a proper user cert on their machine prior to connecting. 

 

Is this even possible?  I've never worked with user certs before, so this is
new to me, but it doesn't seem like rocket science.  Right now I can get the
user cert dialog to come up, user chooses their cert, then WI page comes up,
but the user has to log into WI.  Pass-through authentication is looking to
pull a local computer username/password, and not from the user cert, so I'm
not sure if there's a way to do what I'm looking to do.  At this time I do
not have CSG in place, as I understand that will only confuse things, since
both WI and CSG would be on the same box. 

 

Any suggestions/ideas/info that may at least give me an answer on this?
Thanks,

 

Adam

 

 




 
