Authentication is an important part of a Citrix ADC / NetScaler environment. However, Citrix has made, and is still making, some fundamental changes, so even experienced Citrix ADC / NetScaler admins will have to upgrade their skills. Citrix is currently moving from classic policies to advanced policies and, at the same time, to n-factor authentication. Citrix ADC 13.1 will very likely not support classic authentication any more!
Authentication is not available in the free edition of Citrix ADC; it requires a license. Any license is fine as long as you only work with Citrix Gateway, but an advanced/enterprise or premium/platinum license is required for classic AAA.
Our lab deals with classic AAA scenarios. If you want to integrate Citrix n-factor authentication with Citrix (Unified) Gateway, you may benefit from Johannes’s blog about single factor from inside and multiple factors from outside.
My colleague Jesse Strebel pointed out that the policies in my example are not specific enough, so he can’t consider them to be secure. We agree. The intention of these labs was not to create a secure environment, but to show how n-factor works. The policies need some rethinking if you want to take n-factor into production.
The more specific the rules, the less surface area for the non-authorized. When building rules/expressions, people tend to focus on getting it to work. People need to also ask the question of what does not work. Or what also works that I don’t want.
He is absolutely right.