Contextless Login Application for Web Interface (CLAW)
Novell Cool Solutions: Feature
Digg This -
Posted: 9 Sep 2004
Novell and Centralis announce the joint development of CLAW (Contextless Login Application for Web Interface). CLAW simplifies, secures and enhances your Citrix Web Interface installation by providing fast LDAP contextless login without the need for a Novell Client on the Citrix Web Interface Server.
- The Current Situation
- The Solution
|The Current Situation|
Citrix has long provided functionality to present 'Published' applications via a web-based front end, using Novell eDirectory for authentication and administration. With the advent of Citrix Presentation Server 2.0/3.0, this component of the product has changed its name to Web Interface. Citrix Web Interface is shipped in two versions; Windows 200x/IIS and Linux/Unix on Apache/Tomcat. Throughout the rest of this article we will be referring to the Windows version.
The issue with the product in its unaltered form is that, to provide full functionality, it requires the use of the Novell Client on the web server on which Citrix Web Interface Version 2.0/3.0 (previously called NFUSE) is installed. The Novell Client is used to provide contextless login functionality for the user's authentication to the environment. Without the Client installed on the web server, the user is required to enter their full distinguished name (eg. fsmith.it.company.uk) via the web browser authentication. This requires the user to have an understanding of their context as well as their password. With the advent of the Novell 4.9/3.4 client LDAP, contextless login was provided as part of the client for the first time. However this functionality does not operate in a Citrix Presentation Server/Web Interface environment.
- Large numbers of configured search contexts can affect authentication performance; ten minutes or more can be added to the authentication time.
- Installation of the Novell Client on the web servers to provide the functionality can affect security. Security is a concern in an Internet-facing web server where a port 524 connection is required to be open through a company's firewall to the eDirectory Servers.
- Management of eDirectory accounts without contextless login is difficult with companies using alias objects and other methods to present all of the active user accounts within one context.
Novell and Centralis announce the joint development of CLAW (Contextless Login Application for Web Interface). CLAW simplifies, secures and enhances your Citrix Web Interface installation by providing fast LDAP contextless login without the need for a Novell Client on the Citrix Web Interface Server. This additional functionality is provided for both the Citrix Web Interface Version 2 and Web Interface Version 3 components. For the Version 2 solution a Novell ActiveX control is required to be installed on the IIS Server to provide the LDAP functionality. However the Version 3 solution is ASP.NET based, and no additional control is required.
Since the product is LDAP based, the firewall cannot depend on a standard port (636) secured by SSL and dependent on a certificate installed on the Web Interface Server. Since no NDAP connection is being made, no Novell Client install is required on the web server.
The existing method of providing contextless login depends on the Novell Client making repeated calls to the eDirectory tree, and the load of the process is placed on the Web Interface Server. The LDAP method makes a call to the backend server and it is the backend server that is responsible for the processing of the LDAP Search with only the matched information being returned to the Web Server.
No requirement exists to fix the Citrix Presentation Servers context at one location for all users in the tree. In the past this could be achieved through aliases or by a flat authentication tree. Since the CLAW solution provides a secure contextless lookup solution, not dependent on the Novell Client on the Web Server, the user can be either in a flat or completely hierarchical tree, depending on which design best suits the environment.
No existing Citrix Web Interface should be impacted by the addition of CLAW to an environment.
CLAW is available today at Novell Cool Solutions as a freely downloadable file which was jointly developed by Novell and Centralis. You can download it from here.
For more information about Centralis, visit www.Centralis.co.uk
Also please let us know how useful the utility is for you (or otherwise), since this information will allow us to develop further improvements to the existing Novell and Citrix integration capabilities.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com