Celestix HOTPin and Citrix XenApp

Celestix HOTPin and Citrix XenApp (Web Interface v6) (Radius)
Integration Guide
This document describes how to integrate Citrix XenApp (Web Interface) with the Celestix HOTPin
two-factor authentication solution.
The Citrix XenApp (Web Interface) provides secure remote access to the applications in the
internal corporate network.
Celestix HOTPin provides strong two-factor authentication for remote access solutions (such as
Microsoft Unified Access Gateway, Juniper SSL VPN, etc.), without the complication of
deploying hardware tokens or smartcards.
Two-Factor authentication is provided by the use of your Smart Phone to receive the onetime
HOTPin is designed to be easy to deploy and use. It integrates directly into
Microsoft's Active Directory and removes the need for additional user security databases.
HOTPin consists of two core elements: a RADIUS server and an authentication server. The
authentication server is directly integrated with Active Directory in real time.
HOTPin Server can be configured so that the user enters their user name,
password and a six-digit one-time passcode received on their mobile phone. This
authentication request is passed via the RADIUS protocol to the HOTPin RADIUS server, which
carries out the two-factor authentication. HOTPin utilizes a user-friendly web GUI for
configuration. All notes within this integration guide refer to this type of approach.
The equipment used for the integration process is listed below:
Citrix XenApp (Web Interface) ver. 6.x
Windows 2008 server R2 64bit
Active Directory installed or connection to Active Directory via LDAP protocol.
HOTPin Software v3.5
Integration Overview
Celestix HOTPin enables two-factor strong authentication for Citrix XenApp Web Interface.
[Figure: integration overview. Labels: HTTP (TCP: 80) or HTTPS (TCP: 443); Citrix XenApp Web Interface Management; RADIUS (UDP: 1645); TCP: 3100; HOTPin Server; LDAP (TCP: 389); LDAPS (TCP: 636); Active Directory.]
It is assumed that the following servers are set up and operational.
Citrix XenApp Server
HOTPin Server 3.5 (HOTPin server can be installed on one of the Servers in XenApp
Configuring RADIUS in HOTPin Server 3.5
From a client computer on your network, log in to the HOTPin web UI at
https://<ServerName or IP Address>:8098
Click on HOTPin at the top of the menu and select NPS RADIUS.
Click on RADIUS Clients.
Add a new RADIUS client and check "Enable this RADIUS client".
Key in the following information:
Friendly name
IP address
Generate a Shared Secret Key.
Copy this key into a text editor and save it as radius_secret.txt.
Click Save.
Configuring Citrix XenApp Web Interface
Log in to the server that runs Citrix XenApp Web Interface Management.
On the Windows Start menu, click All Programs > Citrix > Management Consoles >
Citrix Web Interface Management.
In the left pane of the Citrix Web Interface Management console, click XenApp Web
Sites and select your site in the results pane.
In the Action pane, click Authentication Methods and select the Explicit check box.
Click Properties and select Two-Factor Authentication.
In the drop-down Two-factor setting, select RADIUS.
Click on Add…
Enter the IP address of the HOTPin server. Set the RADIUS port used by the HOTPin
server (default value is 1812).
Press OK to save the configuration.
Go to c:\\Inetpub\wwwroot\Citrix\XenApp\conf.
Copy or move the radius_secret.txt file that you created earlier into this folder.
Restart IIS.
Go to c:\\Inetpub\wwwroot\Citrix\XenApp\Web.xml
Add the IP address as follows:
<add key="RADIUS_NAS_IP_ADDRESS" value="Radius IP Address" />
Go to c:\\Inetpub\wwwroot\Citrix\XenApp\conf\WebInterface
Add these lines:
RadiusServers=Radius IP Address
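Added example (not part of the original guide or of Celestix or Citrix code): a sketch of the RADIUS Access-Request that carries the user name and passcode, showing why the key saved in radius_secret.txt must match the HOTPin server's copy byte for byte. It assumes the passcode travels as a PAP User-Password attribute as defined in RFC 2865; the user name, PIN, OTP, secret and IP address are constructed sample values.

```python
import hashlib
import struct

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 sec. 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """The server side: the same pads, derived from the server's copy of the secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(prev, pad))
    return out.rstrip(b"\x00")

def attribute(attr_type: int, value: bytes) -> bytes:
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def access_request(user, passcode, secret, nas_ip, authenticator, ident=1) -> bytes:
    attrs = attribute(1, user.encode())                               # User-Name
    attrs += attribute(2, hide_password(passcode.encode(), secret, authenticator))  # User-Password
    attrs += attribute(4, bytes(int(o) for o in nas_ip.split(".")))   # NAS-IP-Address
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def find_attribute(packet: bytes, attr_type: int) -> bytes:
    pos = 20                                   # attributes follow the 20-byte header
    while pos + 2 <= len(packet):
        length = packet[pos + 1]
        if packet[pos] == attr_type:
            return packet[pos + 2:pos + length]
        pos += max(length, 2)
    raise KeyError(attr_type)

def server_reads(packet: bytes, secret: bytes) -> bytes:
    return reveal_password(find_attribute(packet, 2), secret, packet[4:20])

# Constructed sample values, not from any real deployment.
SECRET = b"example-shared-secret"
AUTH = bytes(range(16))        # fixed for repeatability; a real client uses 16 random bytes
PASSCODE = "1234" + "654321"   # [Your PIN] followed by [OTP]

if __name__ == "__main__":
    pkt = access_request("alice", PASSCODE, SECRET, "192.0.2.10", AUTH)
    print(server_reads(pkt, SECRET))           # matching secret: passcode recovered
    print(server_reads(pkt, SECRET + b"\n"))   # secret differs by one byte: garbage
```

The user name and NAS IP address are sent in the clear and the passcode is protected only by the shared secret, so the radius_secret.txt file should be readable only by the accounts that need it.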
Testing the Citrix Web Interface
It is assumed that the HOTPin client has been installed on a smart phone such as an iPhone.
Log in to the Citrix Web Interface via http://<XenAppServer IP address>/
Enter the existing username and password. On your smart phone, open the HOTPin client
and press Next code to obtain a one-time code. NOTE: If you enable New Pin in
HOTPin Server, you have to key in [Your PIN] followed by [OTP] in the password field
the first time.
If the login is successful, you will see the following interface.