22.0 Configuring SSL VPN for Citrix Clients

The Access Manager can be configured to provide single sign-on for Citrix clients. Figure 22-1 illustrates this process for the Citrix Web client.

Figure 22-1 Citrix Client Configuration

  1. The client specifies the public DNS name of the Access Gateway that accelerates the Web Interface login page of the Citrix MetaFrame Presentation Server.

  2. The Access Gateway redirects the user to the Identity Server for authentication, because the URL is configured as a protected resource.

  3. The Identity Server authenticates the user’s identity.

  4. The Identity Server propagates the session information to the Access Gateway through the Embedded Service Provider.

  5. The following activities take place:

    1. The Access Gateway has been configured with a Form Fill policy, which invokes the SSL VPN servlet along with the corresponding policy information for that user. The SSL VPN servlet creates a secure tunnel between the client and the SSL VPN server.

    2. On successful SSL VPN connection, the Access Gateway performs a single sign-on to the Citrix MetaFrame Presentation Server. The user is authenticated to both the Citrix Presentation Server and to the SSL VPN server.

  6. The Web session containing the list of published applications in the Citrix Presentation Server is served to the client through the Access Gateway.

  7. When the user connects to the published application, the data goes through the secure tunnel that is formed between the client and the SSL VPN server.