NOTE 1: As of June 8th, 2021, Citrix has identified two vulnerabilities covered in CTX297155. Upon remediation with appropriate firmware, SAML configurations require adjustment as per CTX316577. This article’s examples do not contain those adjustments and readers are encouraged to modify their deployments accordingly to mitigate the security risk.

NOTE 2: This solution does not appear to function well with Okta’s agentless DSSO solution wherein Okta assumes responsibility for Kerberos authentication. Please see the workaround notes at the bottom of this article for users on a corporate network where DSSO is used.

In one of my recent articles, I walk through a complicated configuration for Azure MFA via SAML at Citrix Gateway without the use of Citrix FAS. That particular configuration was quite complex, required Citrix ADC 13.0, and needed the Citrix ADC to stand in as an IdP during the authentication flow in order to capture credentials so they could be reused during an LDAP factor. Other identity solution providers have been hard at work devising their own workarounds to the authentication gap between SAML and the Windows OS. In the case of Citrix deployments, such workarounds can be useful if an organization is constrained and unable to deploy Citrix FAS.