Citrix NetScaler, Federated Authentication and Google – StoreFront Config

by David Brett, CTP

The first thing you will need to do is set the StoreFront to accept incoming connections from your new NetScaler URLs.

Click on Manage NetScaler Gateways and add a new gateway for both external URLs and

Make sure you add a callback URL for both of the gateways

Then enable remote access to your store from your new NetScaler Gateways but leave the default gateway option as the gateway

Make sure that you have BOTH gateway URLs defined as external beacons for the StoreFront Server Group

Next you will have to enable Smart Card authentication to your store.  Click on Manage Authentication Methods and enable Smart Card

Next under the options for Pass Through from NetScaler Gateway select Configure Delegated Authentication

Select to Fully Delegate Credential Validation to NetScaler Gateway

Finally you need to enable Smart Card authentication on your Receiver for Web site. Configure your site you are using for Unified Gateway and select to allow Smart Card Authentication

That’s StoreFront configured.

At this stage, it will all work as expected – so go ahead and test it.

HOWEVER – If like me you are a bit of a perfectionist then there are some additional configurations you should make to ensure the user has a great experience and that your deployment is secure.  I will cover those in the final post in this series.


Dave Brett (@dbretty)

Leave a Reply