I was told earlier there wasn’t much on the internet detailing this configuration so decided to throw a quick post together. I may expand on it later to add detail as to how this works and why you would choose OAuth instead of the more common SAML configuration if anyone is interested (Drop me a tweet if you are – @stuart_carroll. This post will detail how to configure an existing Citrix...
CitrixADC-CVE-2020-8300 Script
Following on from my previous blog about the latest Citrix ADC CVEs I’ve created a very quick and dirty script to query the Citrix ADC NITRO API and look for SAML actions and SAML iDP Profiles vulnerable to CVE-2020-8300. If this proves useful to anyone I will develop further with the following functionality: Identify bindings for SAML Actions and SAML iDP Profiles to identify if and where...
Managing Citrix ADC vulnerabilities with Citrix ADM Security Advisory
Vulnerabilities are inevitable when dealing with any system or process, computer based or otherwise. This isn’t a problem in itself, providing the people who are developing and maintaining the systems or processes are continually looking to uncover issues, develop ways to prevent the vulnerability; and implementing these changes to the systems in use. This can feel like a lot of work when...
Citrix Technology Advocate (CTA)
Thrilled to have been acknowledged and awarded a place in the Citrix CTA program. Announcing the new 2021 Citrix Technology Advocate (CTA) awardees! | Citrix Blogs Very excited to be working with such a great group of people! Although this post has been in my WordPress for way longer then planned due to customer commitments I’m keen to use this award as a reason to kick start my blog and...
What does Windows Virtual Desktop (WVD) mean to you?
Since its release in September 2019 there have been a lot of talk about Windows Virtual Desktop and for obvious reasons WVD adoption has rocketed in the last 12 months but what I find interesting is people’s perception of what WVD is.
NetScaler 11.0 Swivel integration using NetScaler Rewrite
Update to my previous blog post NetScaler 11.0 Swivel integration here’s anupdate of how to do exactly the same thing only using NetScaler rewrites rather then editing any code on the NetScaler itself. The reason this is useful is that any updates we make to javascript that comes within the NetScaler firmware may (will probably) need to be redone every time you upgrade your firmware as...
Optimising your NetScaler SSL configuration
I’ve seen a lot of excellent guides around on optimising SSL parameters on NetScaler which is awesome. A lot of them are geared towards obtaining the coveted A+ rating from Qualsys’ excellent SSLLabs test which I think is important as it gives people an easy way to ensure they are compliant to certain level in a world where the goalposts are frequently rapidly moving even if only...
NetScaler Gateway 11.0 – Multi Domain dropdown
This method is not compatible with NetScaler version 11.0 after build 64.34 since Citrix deprecated the -userdomains vpn vserver parameter. Please see for alternate instructions. Thanks to Scott Osborne (@VirtualOzzy) for pointing this out to the CUG Networking SIG When NetScaler 11.0 was released I noticed a couple of interesting things 1. There was a new ‘userdomains’ parameter for...
Swivel Integration – NetScaler 11.0
This post has been updated HERE to achieve the same goal only using NetScaler Rewrite and Responder so we no longer need to modify any files on the NetScaler. Use the below method if you do not have NetScaler Standard, Enterprise or Platinum edition licensing For those who may have read my guide to customizing NetScaler Gateway 10.1 UI for Swivel integration (), here’s an update for...
Swivel integration – NetScaler 10.1
Quick one from a recent deployment. This customer had chosen Swivel () as their secondary authentication. Swivel requires a Turing image to be displayed on the VPN logon page to provide the user with one time password they need to provide for RADIUS authentication. Swivel have helpfully provided very detailed guides on how to do this by replacing the index.html and login.js various NetScaler...