Configuring Form-Based Single Sign-On

Form-based single sign-on allows users to log on one time to all protected applications in your network. When you configure form-based single sign-on in Citrix Gateway, users can access web applications that require an HTML form-based logon without having to type their password again. Without single sign-on, users are required to log on separately to access each application.

After creating the form single sign-on profile, you then create a traffic profile and policy that includes the form single sign-on profile. For more information, see Creating a Traffic Policy.

To configure form-based single sign-on

  1. In the configuration utility, on the Configuration tab, in the navigation pane, expand Citrix Gateway > Policies and then click Traffic.

  2. In the details pane, click the Form SSO Profiles tab and then click Add.

  3. In Name, type a name for the profile.

  4. In Action URL, type the URL to which the completed form is submitted.

    Note: The URL is the root relative URL.

  5. In User Name Field, type the name of the attribute for the user name field.

  6. In Password Field, type the name of the attribute for the password field.

  7. In SSO Success Rule, create an expression that describes the action that this profile takes when invoked by a policy. You can also create the expression by using the Prefix, Add, and Operator buttons under this field.

    This rule checks if single sign-on is successful or not.

  8. In Name Value Pair, type the user name field value, followed by an ampersand (&), and then the password field value.

    Value names are separated by an ampersand (&), such as name1=value1&name2=value2.

  9. In Response Size, type the number bytes to allow for the complete response size. Type the number of bytes in the response to be parsed for extracting the forms.

  10. In Extraction, select if the name/value pair is static or dynamic. The default setting is Dynamic.

  11. In Submit Method, select the HTTP method used by the single sign-on form to send the logon credentials to the logon server. The default is Get.

  12. Click Create and then click Close.

Configuring Form-Based Single Sign-On