Overview Security Headers are http header, which set additional limitations for a overall higher security when it comes to common attack mechanisms like Cross Site Scripting (XSS), Clickjacking or MIME-Sniffing. A part of most of
Continue readingTag: NetScaler
NetScaler – An Identity Provider (IdP) Solution with MFA for OnPrem-Services and Citrix DaaS
Overview Recently I had the pleasure of being invited to the SwissCUGC Event in Zurich about the benefits for using Citrix ADC as an overall Identity Provider (IdP). It was really great fun and I
Continue readingNetScaler – Publishing Manageotp to External with nFactor
Overview Recently I had the requirement to publish the /manageotp Citrix ADC Native OTP Selfservice-Portal to external with the following filtering: If User hasn’t enrolled any OTP yet, log into Selfservice should be Username +
Continue readingNetScaler – The ultimate Upgrade Guide
Overview As there are many changes in latest firmware builds of Citrix ADC and I was running in problems after upgrading from older 11.1 / 12.0 / 12.1 to newer 13.0 / 13.1 releases, I
Continue readingNetScaler – SSL VPN is breaking SSO to OAuth-based WebApps
Overview Quick post about an OAuth-Issue with Citrix ADC’s SSL VPN. There is a missing hint in CTX225084 as this article is only refering to SharePoint deployments. OAuth can make use of the bearer authorization token. If users
Continue readingNetScaler – Securing Microsoft Exchange Hybrid Deployments
Overview As most MS-Exchange-Online migrations are ending up with one Exchange-part OnPrem – it’s called Exchange Hybrid Deployment – I was thinking about the hardening of the two commonly used exchange virtual directories, Autodiscover and
Continue readingNetScaler – nFactor User Certificate Authentication – or “The Demystifying of “User-Agent” Header
Overview In a recent project I got the request for rolling out Citrix Push-OTP for about 4500 remote Users for HDX and SSLVPN Citrix Gateway (maybe I will share my experience with Push-OTP on another
Continue readingNetScaler – Accepting “wrong” User Principal Names
Overview It’s nothing new that more and more companies are choosing the M365 way and what’s the first thing to do to give your users SSO and the option to sign in to the office
Continue reading