I was told earlier there wasn’t much on the internet detailing this configuration so decided to throw a quick post together. I may expand on it later to add detail as to how this works and why you would choose OAuth instead of the more common SAML configuration if anyone is interested (Drop me a tweet if you are – @stuart_carroll. This post will detail how to configure an existing Citrix...
Following on from my previous blog about the latest Citrix ADC CVEs I’ve created a very quick and dirty script to query the Citrix ADC NITRO API and look for SAML actions and SAML iDP Profiles vulnerable to CVE-2020-8300. If this proves useful to anyone I will develop further with the following functionality: Identify bindings for SAML Actions and SAML iDP Profiles to identify if and where...
Vulnerabilities are inevitable when dealing with any system or process, computer based or otherwise. This isn’t a problem in itself, providing the people who are developing and maintaining the systems or processes are continually looking to uncover issues, develop ways to prevent the vulnerability; and implementing these changes to the systems in use. This can feel like a lot of work when...
Thrilled to have been acknowledged and awarded a place in the Citrix CTA program. Announcing the new 2021 Citrix Technology Advocate (CTA) awardees! | Citrix Blogs Very excited to be working with such a great group of people! Although this post has been in my WordPress for way longer then planned due to customer commitments I’m keen to use this award as a reason to kick start my blog and...
Since its release in September 2019 there have been a lot of talk about Windows Virtual Desktop and for obvious reasons WVD adoption has rocketed in the last 12 months but what I find interesting is people’s perception of what WVD is.
Update to my previous blog post NetScaler 11.0 Swivel integration here’s anupdate of how to do exactly the same thing only using NetScaler rewrites rather then editing any code on the NetScaler itself. The reason this is useful is that any updates we make to javascript that comes within the NetScaler firmware may (will probably) need to be redone every time you upgrade your firmware as...
I’ve seen a lot of excellent guides around on optimising SSL parameters on NetScaler which is awesome. A lot of them are geared towards obtaining the coveted A+ rating from Qualsys’ excellent SSLLabs test which I think is important as it gives people an easy way to ensure they are compliant to certain level in a world where the goalposts are frequently rapidly moving even if only...
This method is not compatible with NetScaler version 11.0 after build 64.34 since Citrix deprecated the -userdomains vpn vserver parameter. Please see for alternate instructions. Thanks to Scott Osborne (@VirtualOzzy) for pointing this out to the CUG Networking SIG When NetScaler 11.0 was released I noticed a couple of interesting things 1. There was a new ‘userdomains’ parameter for...
This post has been updated HERE to achieve the same goal only using NetScaler Rewrite and Responder so we no longer need to modify any files on the NetScaler. Use the below method if you do not have NetScaler Standard, Enterprise or Platinum edition licensing For those who may have read my guide to customizing NetScaler Gateway 10.1 UI for Swivel integration (), here’s an update for...
Quick one from a recent deployment. This customer had chosen Swivel () as their secondary authentication. Swivel requires a Turing image to be displayed on the VPN logon page to provide the user with one time password they need to provide for RADIUS authentication. Swivel have helpfully provided very detailed guides on how to do this by replacing the index.html and login.js various NetScaler...
Citrix CTA & Director of Enterprise Technologies @ Coffee Cup Solutions