Introduction

Enhancing security and managing user access to applications is vital for any network infrastructure. In this guide, we’ll walk you through the process of integrating Sentry Radius Authentication with Citrix NetScaler 13. This integration ensures a robust and streamlined authentication experience for your users, leveraging the Swivel Secure AuthControl Sentry solution via RADIUS.

Configuring Sentry Radius

To start integrating Sentry Radius Authentication, follow these steps:

  1. Log into the Sentry Core web administration.
  2. Locate the menu RADIUS -> Server.
  3. Ensure that Server enabled is set to Yes. IP address is normally blank, but it is possible to specify the virtual IP address here in a high-availability scenario. In this case, the Radius server will only be active when the appliance has the virtual IP.
  4. Select RADIUS -> NAS.
  5. Create a new NAS for NetScaler, entering the IP address of the NetScaler and a secret. You will need to use this secret on the NetScaler later.
  6. The remaining settings may need to be altered depending on your scenario.

For more detail, see RADIUS Configuration.

Configuring NetScaler

Now, let’s configure NetScaler to work with Sentry Radius Authentication:

Create a Radius server for Sentry by selecting the Configuration menu option Authentication -> Dashboard. A list of Authentication Servers will be shown. Click Add.

  1. Server Type should be RADIUS.
  2. Enter a name.
  3. Select Server IP and enter the IP address of the Sentry appliance.
  4. Enter and confirm the secret key you used on Sentry.
  5. Click Test RADIUS Reachability to confirm everything is correct.
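
The secret entered in step 4 must match the one set on the Sentry NAS entry because RADIUS uses it both to hide the password and to sign the reply. The sketch below is an added example, not code from Swivel Secure or Citrix, and goes beyond the GUI steps to show the RFC 2865 framing; the user name, password and secrets are constructed values.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2   # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2        # RFC 2865 attribute types


def hide_password(password, secret, authenticator):
    """RFC 2865 section 5.2: XOR the padded password with an MD5 keystream."""
    pad = -len(password) % 16 if password else 16
    padded = password + b"\x00" * pad
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out


def build_access_request(ident, user, password, secret, authenticator=None):
    """Return (packet, request_authenticator) as the NAS would send it."""
    if authenticator is None:
        authenticator = os.urandom(16)
    hidden = hide_password(password, secret, authenticator)
    attrs = b""
    for typ, val in ((USER_NAME, user), (USER_PASSWORD, hidden)):
        attrs += struct.pack("!BB", typ, len(val) + 2) + val
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs, authenticator


def build_response(code, ident, request_auth, secret, attrs=b""):
    """Server side: Response Authenticator = MD5(header+ReqAuth+attrs+secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    resp_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + resp_auth + attrs


def response_is_authentic(response, request_auth, secret):
    """NAS side: recompute the authenticator with the locally stored secret."""
    header, resp_auth, attrs = response[:4], response[4:20], response[20:]
    expected = hashlib.md5(header + request_auth + attrs + secret).digest()
    return hmac.compare_digest(resp_auth, expected)
```

RFC 2865 has the client silently discard a reply whose authenticator does not verify, so a mismatched secret shows up as no usable answer rather than an explicit reject.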

Create a Radius Authentication Policy by selecting the Configuration menu option System -> Authentication -> Basic Policies -> RADIUS. Click Add.

  1. Enter a name.
  2. Select the Radius server you created previously.
  3. Enter an expression to indicate when to use this policy.

Create an Authentication Virtual Server

From NetScaler Configuration, select the option Security -> AAA-Application Traffic -> Virtual Servers. Click Add.

  • Configure the virtual server according to your environment.
  • Add an Advanced Authentication Policy using the one created previously.

Create an Authentication Profile

From NetScaler Configuration, select the option Security -> AAA-Application Traffic -> Authentication Profile. Click Add.

  • Authentication Host: Use the public URL for the authentication virtual server created previously.
  • Select the Authentication Virtual Server created previously.

Enable Sentry Authentication on a Load Balancer Virtual Server

  • Select the virtual server you want to apply Sentry Authentication to. Click Edit.
  • Under Authentication:
      - Select Form-Based Authentication.
      - Enter the public URL for the Authentication Virtual Server.
      - Select the Authentication Virtual Server and the Authentication Profile.

Customize The Logon Page

For customizing the logon page, please refer to the Swivel Secure documentation for scenarios like TURing OTP, TURing Password and OTP, PINpad OTP, and others.

Conclusion

Integrating Sentry Radius Authentication with Citrix NetScaler 13 through the Swivel Secure AuthControl Sentry solution over RADIUS is a robust approach to enhancing security and user access management in your network infrastructure. By following these steps, you’ll ensure a seamless and secure authentication experience for your users.