| *** nowen1 (~nowen@50-194-249-125-static.hfc.comcastbusiness.net) has joined #wikid | 12:47 | |
| *** nowen1 is now known as nowen_work | 12:48 | |
| *** mo (4084d7c2@gateway/web/freenode/ip.64.132.215.194) has joined #wikid | 18:37 | |
| mo | hello | 18:37 |
|---|---|---|
| nowen_work | hi | 18:37 |
| *** mo is now known as Guest74821 | 18:37 | |
| Guest74821 | i use wikid with citrix access gateway | 18:38 |
| Guest74821 | i have configured the connection as per wikid recommendation | 18:39 |
| Guest74821 | however, i would like to use single sign on with citrix | 18:39 |
| Guest74821 | because I have to enter the passcode from wikid into the password field of citrix i cannot use sso with citrix | 18:39 |
| Guest74821 | is there a work around | 18:40 |
| Guest74821 | ? | 18:40 |
| nowen_work | ok - so there a single sign-on product from Citrix you want to use? | 18:40 |
| Guest74821 | yes citrix access gateway already has a sso with xendesktop | 18:42 |
| nowen_work | so, if you tell the CAG to authenticate to WiKID, does that not do it? | 18:42 |
| Guest74821 | it does but it uses the pin code to login; what citrix does is it takes the login credentials which includes the pin code and sends to the second server i'm trying to log into which is xendesktop | 18:44 |
| Guest74821 | but xendesktop is not aware of the pin code as password and it fails to authenticate | 18:45 |
| nowen_work | Sorry, I'm not following. The CAG does SSO and it talks radius. The CAG authenticates a user that is logging in. The user is authenticated by WiKID and is logged into the CAG. Then, you try to login to xendesktop and it does not accept the CAG's authorization token? | 18:47 |
| nowen_work | I bet the CAG is not really doing SSO | 18:47 |
| Guest74821 | no | 18:47 |
| Guest74821 | cag is just passing credentials | 18:48 |
| nowen_work | that's not SSO | 18:48 |
| nowen_work | does citrix have a product that really does SSO? | 18:48 |
| Guest74821 | i don't know | 18:48 |
| Guest74821 | but the cag can pass credentials to xendestop or xenapp and login automaticlaly | 18:49 |
| nowen_work | are you sure that SSO is not an option? it appears to be for the Web Interface | 18:51 |
| Guest74821 | without wikid i would enter my credentials to cag the cag then launches xendesktop and logs me in without i'm having to login to xendesktip | 18:53 |
| Guest74821 | however it fails with wikid, so i'm assuming that with wikid cag sents credentials that includes pin code instead of password thus failing | 18:54 |
| nowen_work | yes, I understand that Credential Forwarding works. What I am wonder is if SSO works? | 18:55 |
| nowen_work | Real | 18:56 |
| nowen_work | Real SSO does not forward credentials. it uses a token or ticked of some sort | 18:57 |
| nowen_work | does this help: http://support.citrix.com/proddocs/topic/access-gateway-92/agee-multifactor-auth-double-source-sso-tsk.html | 18:58 |
| Guest74821 | i don't have these options | 19:46 |
| Guest74821 | i'm not using the version of cag you sent me | 19:46 |
| nowen_work | sounds like you need to talk to Citrix. | 19:47 |
| Guest74821 | i'm using cag appliance | 19:47 |
| Guest74821 | i didn't think it was possible with what i have now | 19:47 |
| nowen_work | you either need to be able to use real SSO or be able to enter both the password and the wikid otp | 19:47 |
| Guest74821 | you are right | 19:50 |
| nowen_work | we are well beyond my citrix knowledge ;-) | 19:50 |
| Guest74821 | i think we need a real sso as you said | 19:52 |
| Guest74821 | thanks | 19:52 |
| nowen_work | np | 19:52 |
| *** Guest74821 has quit (Quit: Page closed) | 19:57 | |
| *** nowen_work has quit (Quit: Leaving.) | 21:21 | |
Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!