Self Service Plugin / StoreFront / Merchandising Server / Citrix Access Gateway (Part3)
Welcome back, in this part I’m going to talk about the configuration between the CAG and StoreFront server. While I’m typing this blog there are some new releases. First off all the new version of the Receiver Storefront is v1.1. And there are new Citrix Receivers clients for OSX and Windows. All of my testing is done with the new versions. (As of April 2012)
I want to point out that this blog is how-to configure the StoreFront and the CAG (VPX) without the Self Service Plug-In (that blog comes later). What I’m going to show is how users connect to the environment with the help of a webbrowser (So only the Storefront StoreWeb site).
The CAG is using two network adapters. One connected to the internet and one connected to the internal LAN (And off course you should use an FireWall between the LAN and DMZ but that one is not present here ) Here’s the NIC configuration of the CAG:
UPDATE: Change the CAG hostname to the name on the certificate
Now we create a LDAP Authentication profile. I want my users to authenticate at the CAG and to pass-through this credentials to the StoreFront Express server. Here’s my configuration:
Now we are going to create a basic-logon point which show the StoreFront StoreWeb website.
And the Website Configuration:
Don’t forget to tick the SSO checkmark and don’t tick the: Authenticate with Web Interface checkmark. Because we want to authenticate at the CAG.
Now we switch over to the StoreFront Express machine and open the Citrix Receiver StoreFront Management Console.
In the authentication section we can choose 3 types of authentication. In this scenario only 1 is used. Enable the Pass-through from Citrix Access Gateway method.
And add a trusted domain, in my case the LAB domain. If you want to create a website for the internal users, then enable the: User name and password method.
I’m assuming that the Store is already configured. So go to the beacons section. Add some external beacons. Beacons are used to determine if users are in an internal or external LAN.
Go to the Gateways section and add the Gateway Server.
The name must match the name configured at the CAG and must match the name on the SSL certificate. The gateway url is the logon point we created in the CAG. In my case the logon point has the name: lab
The silent authentication is to authenticate users from an external network. Give your FQDN of the CAG here.
The StoreFront Express server must access the CAG on the internal NIC by it’s FQDN. So update your DNS or (in my case) edit the HOSTS file on the StoreFront Express server.
Go to the Stores section and enable Remote Access on your Store. Select your Gateway server.
Now we have a fully functional StoreFront Express website which is accessed though the CAG. Users authenticate at the CAG and are then taken to the StoreWeb website. The same as the old Citrix Secure Gateway and WebInterface worked. Keep in mind that I didn’t enable the pnagent xml file and the discovery/activation file isn’t working. So my Self Service Plugin generates an error.
If you receive this error: (Cannot complete your request. Could not log off from Access Gateway. Please close your browser to log off.)
Then don’t forget: The StoreFront Express machine needs to access the CAG at his internal NIC by his FQDN (change DNS or edit HOSTS file).
In part 4 I’m going to enable the Self Service Plugin with the StoreFront and CAG. At the moment, this is not working like it should be So please be patient.