Configuring Citrix Gateway Virtual Server for Microsoft ADAL Token Authentication

September 15, 2021

Contributed by:

S B

To configure a Citrix Gateway virtual server for monitoring Microsoft ADAL token authentication, you need the following information:

certEndpoint: The URL of the endpoint that contains the JSON Web Key (JWK) for ADAL token verification.
Audience: FQDN of the Citrix ADC virtual server to which the app sends the ADAL token.
Issuer: Name of the AAD issuer. Gets populated by default.
TenantID: Tenant ID for Azure ADAL registration.
ClientID:一个unique ID given to the Gateway app as part of ADAL registration.
ClientSecret:一个secret key given to the Gateway app as part of ADAL registration.
ResourceURI:一个n optional parameter to capture the resource URI. If not configured, Citrix ADC uses Azure commercial resource URI.

Perform the following steps using the command line interface:

Create an OAuth action.

                add authentication OAuthAction  -OAuthType  –clientid  -clientsecret  -audience  -tenantid  -issuer  -userNameField  -certEndpoint  -resourceURI  
               

Create an authentication policy to associate with the newly created OAuth action.
```
add authentication Policy  -rule  -action  
```

Bind the newly created OAuth to AuthVS.

bind authentication vserver  -policy  -priority 2 -gotoPriorityExpression END

Create a LoginSchema.

                add authentication loginSchema  -authenticationSchema  add authentication loginSchemaPolicy  -rule true -action  
               

Bind AuthVS with LoginSchema.

bind authentication vserver  -policy  -priority 2 -gotoPriorityExpression END

Add an authentication profile and assign it to a VPN virtual server.

add authnprofile  -authnvsName  set vpn vserver  -authnprofile

Sample configuration

              添加身份验证OAuthAction tmp-action -OAuthType INTUNE -clientid id 1204 -clientsecret a -audience "[http://hello](http://hello/)" -tenantid xxxx -issuer "[https://hello](https://hello/)" -userNameField upn -certEndpoint https://login.microsoftonline.com/common/discovery/v2.0/keys --resourceURI htpps://api.manage.microsoft.com add authentication Policy oauth-intune-pol -rule true -action tmp-action bind authentication vserver auth-vs-for-gw1-intune -policy oauth-pol -priority 2 -gotoPriorityExpression END add authentication loginSchema oauth-loginschema -authenticationSchema "/nsconfig/loginschema/LoginSchema/OnlyOAuthToken.xml" add authentication loginSchemaPolicy oauth-loginschema-pol -rule true -action oauth-loginschema` bind authentication vserver auth-vs-for-gw1-intune -policy oauth-loginschema-pol -priority 2 -gotoPriorityExpression END add authnprofile nfactor-prof-intune -authnvsName auth-vs-for-gw1-intune set vpn vserver gw1-intune-authnprofile nfactor-prof-intune 
             

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Configuring Citrix Gateway Virtual Server for Microsoft ADAL Token Authentication

September 15, 2021

Contributed by:

S B

September 15, 2021

Contributed by:

S B

Configuring Citrix Gateway Virtual Server for Microsoft ADAL Token Authentication

In this article