Looking for Smart Card guidance?
Well, you’re in luck! A 237 page Smart Card configuration document, entitled “Configuring Citrix XenDesktop 7.6 and NetScaler Gateway 10.5 with PIV Smart Card Authentication” has been published and is now available as PDF on Citrix.com.
The guide’s intent is to describe how to configure a smart card “test environment” from beginning to end.
It covers smart card configuration with XenApp, XenDesktop and NetScaler Gateway. The document includes an introduction to the problem set and marches its way through detailed configuration guidance including certificate management and numerous screen shots of configuration settings.
Though written specifically for the NIST PIV Smart Card test set, the guidance is applicable to all smart card usage with XenApp, XenDesktop, DDCs, Receivers, StoreFront and NetScaler Gateway.
Future editions of the guid will include:
- Multi-domain and multi-forest Active Directory environments
- Non UPN-based smart card certificate to Active Directory account mapping (such as Alternate Security Identity)
- XenApp coverage
- Double-hop from the Virtual Delivery Agent to XenApp
- Additional smart card middleware (only ActivClient is covered in this edition)
- Additional endpoint coverage (such as Linux, thin clients, Windows 8.1/10, Mac OS X, iOS, Android, nondomain-joined Windows, etc.)
- Information on nonauthentication operations with smart cards (such as S/MIME)
- PKCS#11 configuration (to use smart cards with browsers such as Firefox)
- Notes on how CAC and SIPR diverge from PIV, where appropriate
I send a high compliment to Carel Grove on Citrix’s Authentication Platform team for a job well-done. This is valuable information and we hope you find it useful for your smart card deployments.
For comments, you can post on the CTX article page, CTX200939 or also, here. We look forward to hearing your feedback.