Tag: NetScaler

Deploy Citrix ADC to Azure using ARM Templates and Ansible

I’ve created an Ansible playbook to deploy Citrix ADC (previously Citrix NetScaler) to Azure using ARM Templates. You can find the playbook here in Azure DevOps, see the readme for the latest information about the playbook, how to use it and the per-requisites. The main points for creating a new one instead of using the…



Choosing “HTML5 Receiver” vs “Native Receiver” dynamically through Netscaler Rewrite Policies

After a user has authenticated on a NSGW vServer, the user will either be prompted to select which Receiver Type (HTML5 vs Native) he/she wants to use, or a choice will be made automatically depending on how well the user’s web browser manages to detect a local Citrix Receiver install. See below picture for an…



Netscaler: ADFS protected by AAA – How to handle SAML POST requests

A limitation with Netscaler AAA is that it cannot handle FormData sent in a POST request to a Netscaler LB vServer that is protected by a AAA vServer. What happens is that the Form data in the POST will not be included when the user is redirected back to the LB vServer after AAA authentication….



Using NetScaler as OpenID Connect SP with ADFS as IDP

How do you configure Citrix NetScaler OpenID Connect Service Provider with Microsoft ADFS as OpenID Connect Identity Provider? I’ve tried making it easy to understand and how you do it using CLI (NetScaler CLI and powershell). Read this post for doing this with SAML….



Using NetScaler as SAML SP with ADFS as IDP

How do you configure Citrix NetScaler SAML Service Provider with Microsoft ADFS as SAML Identity Provider? I’ve tried making it easy to understand and how you do it using CLI (NetScaler CLI and powershell). Before we begin, let us look at what we need to establish the federation: NetScaler (with at least Enterprise license) Active…



NetScaler HA heartbeats in Azure

When using NetScaler with multiple NICs in Azure, heartbeats will not be seen on other interfaces other than the one NSIP is configured on. To resolve this, disable heartbeats on the other interfaces (in my case, NSIP is on 0/1 and disabling on 1/1 and 1/2):

 



NetScaler Active/Passive HA in Azure with multiple NICs/IPs

Update: I’ve found out that there’s a much easier way of doing the below in Azure – take a look at the updated blog post: Updated: NetScaler Active/Passive HA in Azure with multiple NICs/IPs (DSR/Floating IP) —— There are a lot of information out there about setting up NetScaler HA in Azure. One way is…



Citrix changing default ICA Protocol from TCP to UDP Q4 2017

For XenApp/XenDesktop versions released in Q4 2017 or later (version 7.16 or newer), the default protocol for ICA traffic will be changed from ICA TCP to Enlightened Data Transport (EDT). EDT is a recently-developed protocol from Citrix and is UDP based, unlike traditional ICA which is is TCP based. One of the reasons Citrix developed…



RfWebUI idle timeout

There seems to be an issue with the idle timeout in RfWebUI (verified in NetScaler version 12.0) and I’ve created a workaround until it is solved. It is all based on a JavaScript that checks if the user is logged on, if logged on it starts a timer and when the timer is reached logs…



Remove “Password 2” from RfWebUI

Update: Seems like the first method actually removes a password field when changing password. This shouldn’t do that:

Original post: Have you had an issue with RfWebUI where you need to remove the “Password 2”-field when for example using RADIUS as primary authentication source (challenge based) and LDAP as secondary? As always, the great…