Product Documentation
Gateway
Current Release 13.1 13.0 12.1
View PDF

Configuring the Secure Ticket Authority on Citrix Gateway

November 12, 2024
Contributed by: 
C C

The Secure Ticket Authority (STA) is responsible for issuing session tickets in response to connection requests for published applications on Citrix Virtual Apps and published desktops on Citrix Virtual Desktops. These session tickets form the basis of authentication and authorization for access to published resources.

You can bind the STA globally or to virtual servers. You can also add multiple servers running the STA when you configure a virtual server.

If you are securing communications between the Citrix Gateway and the STA, make sure that a server certificate is installed on the server running the STA.

In a typical Citrix Gateway GSLB deployment, all gateway virtual servers (in each site) must be configured with the same back-end STA servers to avoid reconnection issues.

Note:

  • If STA servers are configured to use HTTP protocol (for example, http://staFQDN.com) and the delivery controller (DDC) uses HTTPS, the connection fails. This failure occurs because the DNS resolution or any probe attempting to communicate with the STA server using the incorrect protocol does not succeed. It is essential to ensure that the STA server URLs are updated to use HTTPS to match the DDC configuration.

  • For more information on when it is appropriate to use HTTP vs HTTPS, when to use FQDN over IP address for different STA use cases, and how to protect STA traffic with SSL, see NetScaler Gateway Secure Ticket Authority.

  • For cloud connectors to support HTTPS STA configuration, set XmlServicesEnableSsl to 1 on cloud connector and restart the Citrix Remote Broker Provider service and the Citrix High Availability service. For more information, see Secure Ticket Authority (STA) Showing Offline and 503 Error in a Browser.

To bind the STA globally

  1. Navigate to Citrix Gateway > Global Settings.
  2. In the details pane, under Servers, click Bind/Unbind STA Servers to be used by the Secure Ticket Authority.
  3. In the Bind/Unbind STA Servers dialog box, click Add.
  4. In the Configure STA Server dialog box, enter the URL of the STA server, click Create, and then click OK.
  5. In the STA Server dialog box, in URL, type the IP address or fully qualified domain name (FQDN) of the server running the STA and then click Create.

    Note: You can add more than one server running the STA to the list. The STAs that are listed in the Web Interface must match the STAs that are configured on Citrix Gateway. If you are configuring multiple STAs, do not use load balancing between Citrix Gateway and the servers running the STA.

To bind a STA to the virtual server

  1. Navigate to Citrix Gateway > Virtual Servers.
  2. In the details pane, select a virtual server and then click Edit.
  3. On the Published Applications tab under Secure Ticket Authority, click Add.
  4. In the Configure STA Server dialog box, enter the URL of the STA server and then click Create.
  5. Repeat Step 4 to add additional STA servers and then click OK.

References

Configuring the Secure Ticket Authority on Citrix Gateway
November 12, 2024
Contributed by: 
C C
November 12, 2024
Contributed by: 
C C

In this article

Site feedback | Your privacy choices footer linkYour Privacy Choices | Privacy and legal terms | Cookie preferences | Consent settings | docs.cloud.com
© 1999- Cloud Software Group, Inc. All rights reserved.