Citrix Gateway

Configuring Smart Card Access with the Web Interface

When you configure the Web Interface to use smart card authentication, you can configure the following deployment scenarios in order to integrate Citrix Gateway, depending on how users log on:

  • If users log on directly to the Web Interface by using Citrix Workspace app and smart card authentication, the Web Interface must be parallel to Citrix Gateway in the DMZ. The server running the Web Interface must also be a domain member.

    In this scenario, both Citrix Gateway and the Web Interface perform SSL termination. The Web Interface terminates secure HTTP traffic including user authentication, the display of published applications, and the starting of published applications. Citrix Gateway terminates SSL for incoming ICA connections.

  • If users log on with the Citrix Gateway plug-in, Citrix Gateway performs the initial authentication. When Citrix Gateway establishes the VPN tunnel, users can log on to the Web Interface by using the smart card. In this scenario, you can install the Web Interface behind Citrix Gateway in the DMZ or in the secure network.

Note: Citrix Gateway can also use the smart card for authentication by using a client certificate.

For more information, see Configuring Smart Card Authentication

Configuring Smart Card Access with the Web Interface