Sep, 2015

NetScaler Gateway Single Sign-On to Storefront in Clientless Access Mode

Step By Step Guide to Single Sign-On to Storefront in Clientless Access Mode

While playing in my Lab with the Citrix NetScaler Unified Gateway I encountered the following problem. Within Clientless Access mode I could not access the Storefront Server. To be honest it wasn’t working at all.
Google Chrome showed me the following screen

NetScaler Gateway Frame Error

While the Internet Explorer gave me at least an error.

NetScaler Gateway Frame Error

Since the ICA Proxy Mode worked very well I started digging 🙂  Thanks to Maik Steppeler from Citrix who helped with the last missing piece of this jigsaw! I assume you have the NetScaler Gateway & the Storefront up and running. I assume also that you have everything configured till a point where “it should be working” 😉 If not please ping me.

At first we start on the Storefront Server(s). We navigate to the web.config file within your Webstore Folder. Something like this C:\inetpub\wwwroot\Citrix\YourStoreWeb.

You will find the followings entry three times:

<add name=”X-Frame-Options” value=”deny” />
<add name=”Content-Security-Policy” value=”frame-ancestors ‘none'” />

If you are only using the Internet Explorer you have to change the Value within “<add name=”X-Frame-Options” value=”deny” />” from deny to allow. If you and your user are also using Chrome or FireFox you will also have to change <add name=”Content-Security-Policy” value=”frame-ancestors ‘none'” /> from none to self.

After editing it should look like this:

Storefront web.config Fix Frame Error

Now restart you IIS. Also make sure you enabled Remote Access in your Storefront Store.

Storefront Remote Access

We are now switching to the NetScaler. Within the NetScaler change to your Session Profile and enable “Single Sign-on to Web Applications” if this is not already enabled.

NetScaler Signle Sign-on to Web Applications

Go back to the Global Settings of the NetScaler Gateway and go to “Configure Domains for Clientless Access”

NetScaler Gateway Global Options

And under “Allow Domains” add your local Domain.

NetScaler Gateway Allow Domains Clientless Access

That’s it! If you now login and change to your Application section you will see your Applications published through Storefont without providing additional credentials!

Single Sign-On to Storefront in Clientless Access Mode


About Jens

My name is Jens Trendelkamp. I currently work as an IT Consultant at sepago GmbH. My fields of specialty are Application Delivery, SBC\VDI Solutions and Enterprise Mobility based on Products from Microsoft and Citrix.

By continuing to use the site, you agree to the use of cookies. More information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.