Citrix Access Gateway Standard 5.x

Introduction

This document covers the integration of Swivel with the Citrix Access Gateway Standard edition. The standard edition allows authentication using SMS, Email, Mobile Phone applet, Swivel Taskbar, but does not allow the single channel image to be embedded into the login page. To allow the single channel image to be embedded into the login page, the following options are available:

Advanced Access Controller is required, see Citrix Access Gateway Advanced 4.x Proxy the login request to a Web Interface login Citrix Access Gateway Web Interface Proxy

Baseline

PINsafe 3.8

CAG Standard 5.0.3

Prerequisites

Swivel 3.x

Citrix Access Gateway 5.x

Architecture

Authentications are made against Swivel using RADIUS.

Swivel Configuration

Configuring the RADIUS server

On the Swivel Administration console configure the RADIUS Server and NAS, see RADIUS Configuration

Setting up PINSafe Dual Channel Transports

See Transport Configuration

Citrix Access Gateway Standard Edition Integration

Follow the Citrix Access Gateway Standard Edition Administration guide to configure RADIUS authentication.

CAG RADIUS Properties

On the CAG Configuration, configure one or more PINsafe instances as a RADIUS server.

_images/CAG_Standard_5_RADIUS_Properties.jpg

CAG logon Point Properties

Configure Swivel as an authentication server. Swivel would usually be configured as a secondary authentication server with AD as the primary authentication server using RADIUS. In this example Single Sign ON is being used to the Citrix Web Interface, and has been created as a basic logon point.

_images/CAG_Standard_5_login_point_properties.jpg

Verifying the Installation

Browse to the CAG login page and enter username, AD Password and OTC from the SMS or Mobile Phone Client. Check the PINsafe logs to ensure that a RADIUS request has been seen.

_images/CAG_Standard_5_login.jpg

Additional Information

For additional features use the Advanced Access Controller. This allows customised login pages and the Single Channel Turing Image authentication, see Citrix Access Gateway Advanced 4.x