This post applies to the Nike (8.6) release and later of XenMobile Enterprise Edition.

  • Device Manager build: 8.6.33292
  • AppController: 2.9.0_111000
  • NetScaler build: NS10.1: Build 120.1316.e.nc

The prerequisites for this setup are that the Certificate Authority is configured and that the MDM server is set up to provide user certificates to devices.

On the AppController, go to Settings > Deployment and edit or add the NetScaler Gateway:

  • Set “Logon type” to certificate
  • “Do not require passwords” should be unchecked
  • “External URL” should be set to the NSG URL
  • StoreFront Settings
    • Allow StoreFront to aggregate AppController apps: set to YES
    • Authentication Server: set to NO

On the NetScaler, go to NetScaler Gateway > Virtual Servers and open the NSG (prerequisite: the NSG is already added and configured).

Add the root certificate from the Certificate Authority as a CA.

Click on the Authentication tab and bind the LDAP policy and the certificate policy, giving them the same priority.

If the certificate policy has not been created already, you can create it here.

Give it a name (CertificatePolicy in this case) and set the Authentication Type to CERTS.

Click New in the Server field.

Give it a name and, in the User Name Field, select “SubjectAltName:PrincipalName”.

Two Factor needs to be set to OFF. Click Create.

Back in “Create Authentication Policy”, the Server field should now show the certificate server we created in the above step.

Next, click the Named Expressions drop-down (“Client is from different geographical reg…”), scroll right to the bottom, select “TrueValue” and click “Add Expression”.

This should add “ns_true” in the Expressions window. Click Create.

Ensure that the priorities on the authentication policies are the same.

Click back on the “Certificates” tab and select “SSL Parameters”.

Check “Client Authentication”, set “Client Certificate” to “Optional”, then click OK and OK.

The setup is now ready to accept either certificate or LDAP authentication from WorxHome.
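One way to confirm these settings afterwards is to check them in the saved configuration. The script below is an added example, not part of the original post: it audits a constructed ns.conf-style excerpt for the values set in the steps above. The object names (CertServer, LdapPolicy, LdapServer, nsg_vs), the priority value and the exact command forms in the excerpt are assumptions; CertificatePolicy is the name used above.

```python
import shlex

# Constructed ns.conf-style excerpt (not taken from a real appliance).
# Object names and the priority are hypothetical; command forms are assumed.
SAMPLE_CONF = """\
add authentication certAction CertServer -twoFactor OFF -userNameField SubjectAltName:PrincipalName
add authentication certPolicy CertificatePolicy ns_true CertServer
add authentication ldapPolicy LdapPolicy ns_true LdapServer
bind vpn vserver nsg_vs -policy LdapPolicy -priority 100
bind vpn vserver nsg_vs -policy CertificatePolicy -priority 100
set ssl vserver nsg_vs -clientAuth ENABLED -clientCert Optional
"""

def parse(conf):
    """Split each line into (positional words, {-option: value})."""
    rows = []
    for line in conf.splitlines():
        tok = shlex.split(line)
        idx = [i for i, t in enumerate(tok) if t.startswith("-")]
        opts = {tok[i].lower(): tok[i + 1] for i in idx if i + 1 < len(tok)}
        rows.append((tok[:idx[0]] if idx else tok, opts))
    return rows

def audit(conf, vserver):
    """Return findings for one gateway virtual server; [] means all checks pass."""
    rows, out = parse(conf), []
    auth = [(p, o) for p, o in rows if p[:2] == ["add", "authentication"] and len(p) > 3]
    actions = {p[3]: o for p, o in auth if p[2] == "certAction"}
    cert_pol = {p[3]: p[-1] for p, _ in auth if p[2] == "certPolicy"}
    auth_pol = {p[3] for p, _ in auth if p[2].endswith("Policy")}
    prio = {o["-policy"]: o.get("-priority") for p, o in rows
            if p[:4] == ["bind", "vpn", "vserver", vserver] and o.get("-policy") in auth_pol}
    ssl = {k: v for p, o in rows if p[:4] == ["set", "ssl", "vserver", vserver] for k, v in o.items()}
    bound = [n for n in cert_pol if n in prio]
    if not bound:
        out.append("no certificate policy bound to " + vserver)
    for name in bound:
        act = actions.get(cert_pol[name], {})
        if act.get("-usernamefield") != "SubjectAltName:PrincipalName":
            out.append(name + ": user name field is not SubjectAltName:PrincipalName")
        if act.get("-twofactor", "OFF") != "OFF":  # assumed: option absent means OFF
            out.append(name + ": two factor is not OFF")
    if len(set(prio.values())) > 1:
        out.append("authentication policies have different priorities")
    if ssl.get("-clientauth") != "ENABLED":
        out.append("client authentication is not enabled")
    if ssl.get("-clientcert") != "Optional":
        out.append("client certificate is not Optional")
    return out
```

Calling `audit(SAMPLE_CONF, "nsg_vs")` returns an empty list when every setting matches the steps above.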

Using this method, admins can provide an extra layer of security by using certificate authentication for mobile apps, and seamlessly provide HDX integration to apps behind the NetScaler.