22.2 Configuring the Access Gateway for Citrix Clients

  1. Create a protected resource for the Citrix login page.

    1. In the Administration Console, click Access Manager > Access Gateways > Edit > [Name of Reverse Proxy].

      The reverse proxy can be set up to require SSL or not.

    2. Click Name of Proxy Service > Protected Resources > New.

    3. When configuring the protected resource, set up the following:

      • Select a contract that requires authentication. Usually this is a Name/Password contract, but it can be a certificate contract if your NFuse server is configured to use certificates.

      • For the URL Path List, specify the URL to the Citrix login page. This URL should include the filename of this login page.

      For more information, see Section 13.4, Configuring Protected Resources.

  2. Create a Form Fill policy and assign it to the protected resource for the Citrix login page.

    1. Click Form Fill > Manage Policies > New.

    2. Name the Citrix policy, select Access Gateway: Form Fill as the type, then click OK.

    3. In the Actions section, click New > Form Fill.

    4. In the Form Selection section, identity the form on the Citrix login page.

    5. In the Fill Options section, create the following:

      • Username input field

      • Password input field

      • (Optional). If your login page requires a domain, add a domain input field.

    6. In the Submit Options section, configure the following:

      • Select Auto Submit.

      • Select Enable JavaScript Handling.

      • Click Statements to Execute on Post. Copy the Citrix Script found in the Additional Resources section in the Novell Documentation site.

        In the script:

        Replace <ag-url> with the hostname of the Access Gateway that is accelerating the the SSL VPN server.

        Change the protocol to HTTPS if the secure protocol is used.

        If you want to use the custom login method, change the URL to:

        http://<ag-url>/sslvpn/custom-login

    7. Configure any other options to match your form and your network.

      For more information, see Section 30.3.2, Creating a Form Fill Policy.

    8. In the Actions section, click New > Form Login Failure.

      Specify the procedures you want followed when login fails. For more information, see Section 30.3.3, Creating a Login Failure Policy.

      Citrix displays login failures via the query string, so you’ll need to use CGI matching.

    9. Click OK, then click Apply Changes.

  3. Click Close.

    You should return to the Form Fill page for the protected resource.

  4. Select the policy you just created, then click Enable.

  5. Click Configuration Panel, then click OK.

  6. On the Server Configuration page, click OK, then click Update.