symantec vip integration guide for citrix netscaler

Symantec VIP Integration Guide for Citrix NetScaler


Table of Contents

Using Symantec VIP with Citrix NetScaler....................................................................................... 4System requirements....................................................................................................................................................... 4VIP supported features....................................................................................................................................................4Authentication workflows................................................................................................................................................5

Workflows for RADIUS Authentication using User ID – Security Code..................................................................... 5Workflows for RADIUS Authentication using User ID – LDAP Password – Security Code........................................7

Integrating the Symantec VIP integration module with Citrix NetScaler....................................... 9Adding a Validation server..............................................................................................................................................9Configuring the Citrix NetScaler device for VIP Enterprise Gateway...................................................................... 10

Adding LDAP Authentication Server and Policy for enabling first-factor authentication...........................................10Adding the LDAP Authentication Server........................................................................................................... 11Adding the LDAP Authentication Policy............................................................................................................ 11

Configuring RADIUS Authentication using User ID - Security Code........................................................................11Step 1. Adding the RADIUS Authentication Policy and Server.........................................................................11Step 2. Configuring NetScaler Gateway Virtual Server.....................................................................................13

RADIUS Authentication using User ID - LDAP Password - Security Code..............................................................13Step 1. Adding the Authentication Policy and Server....................................................................................... 14Step 2. Configuring NetScaler Gateway Virtual Server.....................................................................................17

Testing the Integration...................................................................................................................................................17Authentication Method 1: User ID – Security Code................................................................................................. 18

Hardware and VIP Access Credential Authentication....................................................................................... 18SMS/Voice Authentication..................................................................................................................................19VIP Access Push Authentication....................................................................................................................... 20

Authentication Method 2: User ID – LDAP Password – Security Code................................................................... 20Hardware and VIP Access Credential Authentication....................................................................................... 20SMS/Voice Authentication..................................................................................................................................21VIP Access Push Authentication....................................................................................................................... 22

Integrating VIP JavaScript with Citrix NetScaler............................................................................23Prerequisites................................................................................................................................................................... 23Configuring VIP JavaScript with VIP components.....................................................................................................23Self Service Portal configuration................................................................................................................................. 24Integrating the VIP JavaScript code with your Citrix NetScaler device...................................................................24

Integrating JavaScript with Citrix NetScaler 10.x..................................................................................................... 24Task 1: Generating JavaScript code from VIP Manager...................................................................................25Task 2: Updating the Citrix NetScaler Sign-in page..........................................................................................25

Integrating JavaScript with Citrix NetScaler 11.0..................................................................................................... 25

2


Citrix NetScaler 11.0 configured with User ID – Security Code Validation server.............................................26Citrix NetScaler 11.0 configured with User ID – LDAP Password – Security Code Validation server............... 27

Integrating JavaScript with Citrix NetScaler 11.1/12.1............................................................................................. 28Citrix NetScaler 11.1 configured with User ID – Security Code Validation server.............................................28Citrix NetScaler 11.1/12.1 configured with User ID - LDAP Password - Security Code Validation server......... 30Citrix NetScaler 12.1 configured with User ID - Security Code Validation server using nFactor authenticationwith VIP Integration Code for JavaScript.......................................................................................................... 30

Testing the JavaScript integration............................................................................................................................... 33Advanced configurations for online authentication.......................................................................34

Configuring native nFactor authentication support for VIP...................................................................................... 34nFactor authentication support considerations......................................................................................................... 34Configuring VIP to natively support nFactor authentication..................................................................................... 34Test nFactor authentication support..........................................................................................................................36

Supporting selective two-factor authentication for a specific set of users.............................................................37Customizing the logon page for Citrix NetScaler 11.0...............................................................................................39Customizing the logon page for Citrix NetScaler 10.x.............................................................................................. 39

Troubleshooting issues and solutions............................................................................................ 40Copyright statement.......................................................................................................................... 41

3


Using Symantec VIP with Citrix NetScaler

Traditional user name and password authentication is no longer enough to meet today's evolving security threats andregulatory requirements. However, users demand an easy-to-use authentication solution. Corporate data and applicationsecurity requires stronger, smarter authentication which also offers greater ease of use.

Symantec VIP is a cloud-based authentication service that enables enterprises to securely access online transactions,meet compliance standards, and reduce fraud risk. VIP provides an additional layer of protection beyond the standarduser name and password. VIP offers a wide variety of additional authentication capabilities, including:

• Two factor authentication – dynamic, one-time-use security codes that are generated by a VIP credential in the formof mobile apps, desktop software, security tokens, and security cards.

• Out-of-band authentication – dynamic, one-time-use security codes that are delivered by phone call, by SMS textmessage or email, or by push notifications to a registered mobile device.

VIP is based on OATH open standards, an industry-wide consortium working with other groups to promote widespreadstrong authentication. Because Symantec hosts the service, enterprises engage one solution to support multipleenterprise, partner, and customer-facing applications that require strong authentication. This guide helps administratorsprepare for VIP integration by providing a comprehensive outline for planning, decision making, and task prioritization for asuccessful deployment.

Users generate a security code on a VIP credential that they register with Symantec’s VIP Service. They use that securitycode, along with their user name and password, to gain access to the resources that are protected by the Citrix NetScalerdevice.

Refer to the following topics to learn more about the integration requirements and how the integration works:

• System requirements• VIP supported features• Authentication workflows

System requirementsThe integration environment that is described in this document is based on the following software:

Table 1: System requirements

Product Description

Partner Product Citrix NetScaler 9.x, 10.x, 11.0, 11.1, 12.1VIP Enterprise Gateway Version 9.8 or laterAuthentication Methods Supported • User ID – Security Code

• User ID – LDAP Password – Security Code• Intelligent Authentication (IA)/Push

VIP supported featuresTable lists the VIP Enterprise Gateway features that are supported with Citrix NetScaler.

4


Table 2: VIP supported features

VIP feature Support

First-factor authenticationAD/LDAP password through VIP Enterprise Gateway YesVIP PIN NoSecond-factor authenticationVIP Push YesSMS YesVoice YesSelective strong authenticationEnd user-based YesRisk-based YesGeneral authenticationMulti-domain YesAnonymous user name YesLegacy authentication provider integration (delegation) YesAD password reset YesIntegration methodVIP JavaScript YesVIP Login NoRADIUS Yes

Authentication workflowsThe VIP integration module for Citrix NetScaler supports strong authentication in the following authentication methods.Refer to the appropriate topic for information about authentication workflows:

• RADIUS Authentication using User ID – Security CodeWorkflows for RADIUS Authentication using User ID – Security Code

• RADIUS Authentication using User ID – LDAP Password – Security CodeWorkflows for RADIUS Authentication using User ID – LDAP Password – Security Code

Workflows for RADIUS Authentication using User ID – Security CodeThe following diagram illustrates the workflow for RADIUS authentication using User ID - Security Code for VIP EnterpriseGateway.

5


Table 3: Workflow description

Step Description

1 The user enters a user name, password, and a security code on the browser or plug-in based logon screen.2 As the first part of the two-factor authentication process, the Citrix NetScaler device sends the user name and password

to the User Store. For example, the User Store can be AD/LDAP.If the User Store authenticates the user name and password, it returns the group permission details to the CitrixNetScaler device with the authentication response.

3 As the second part of the two-factor authentication process, the Citrix NetScaler device sends the user name andsecurity code to VIP Enterprise Gateway for authentication.

4 The VIP Enterprise Gateway Validation server authenticates the user name and security code with VIP Service.VIP Service sends an authentication response to VIP Enterprise Gateway.

6


Step Description

5 If VIP Service successfully authenticates the user name and security code, then VIP Enterprise Gateway returns anAccess-Accept Authentication response to the Citrix NetScaler device.

6 Based on the Access-Accept Authentication response, the Citrix NetScaler device gives the user access to the protectedresources.

Workflows for RADIUS Authentication using User ID – LDAP Password –Security CodeThe following diagram illustrates the workflow for RADIUS authentication using User ID - LDAP Password - Security Codefor VIP Enterprise Gateway.

7


Table 4: Workflow description

Step Description

1 The user enters a user name, password, and a security code on the browser or plug-in based logon screen.2 The Citrix NetScaler device sends the user name, password, and security code to VIP Enterprise Gateway.3 As the first part of the two-factor authentication process, the VIP Enterprise Gateway Validation server authenticates the

user name and password against your User Store. For example, your User Store can be AD/LDAP.If the User Store authenticates the user name and password, the authentication response includes the group permissiondetails.

4 As the second part of the two-factor authentication process, VIP Enterprise Gateway authenticates the user name andsecurity code with VIP Service.

5 If VIP Service successfully authenticates the user name and security code, then VIP Enterprise Gateway returns anAccess-Accept Authentication response to the Citrix NetScaler device.

6 Based on the Access-Accept Authentication response, the Citrix NetScaler device gives the user access to the protectedresources.

8


Integrating the Symantec VIP integration module with CitrixNetScaler

Complete the following general steps to integrate the Symantec VIP integration module with Citrix NetScaler:

Table 5: Procedures for integrating Symantec VIP with Citrix NetScaler

Step Task

1 Add the Validation server.Adding a Validation server

2 Configure the Citrix NetScaler device for Symantec VIP Enterprise Gateway.Configuring the Citrix NetScaler device for VIP Enterprise Gateway

3 Test the integration.Testing the Integration

Once you have integrated the Symantec VIP integration module with Citrix NetScaler, continue with the procedures forintegrating the VIP JavaScript with Citrix NetScaler.

See Integrating VIP JavaScript with Citrix NetScaler.

Adding a Validation serverComplete the following steps to create a Validation server:

1. Log on to VIP Enterprise Gateway and click the Validation tab.

2. Click Add Server. The Add RADIUS Validation server dialog box is

displayed.

3. Configure the RADIUS validation parameters:

Field Action

Vendor Select Citrix Systems from the drop-down list.Application Name Select the vendor’s application that you use, Citrix NetScaler.

9


Field Action

Authentication Mode Select the mode that you want to use for first and second-factor authentication.• UserID – Security code: In this authentication mode, your User Store such as AD/LDAP

validates the first-factor (user name and password). VIP Enterprise Gateway validatesthe second-factor (user name and security code) with VIP Service. Ensure that your first-factor validation works before selecting this authentication mode.

• UserID – LDAP Password – Security code: In this authentication mode, VIP EnterpriseGateway validates the first-factor (user name and password) with your User Store,such as AD/LDAP. VIP Enterprise Gateway validates the second-factor (user name andsecurity code) with VIP Service.Optionally, if you want to authorize the user according to the LDAP Groups, then you mustconfigure the LDAP–RADIUS mapping in the Validation server.

4. Click Continue to add the Validation server.

Configuring the Citrix NetScaler device for VIP Enterprise GatewayComplete the following procedures to configure the NetScaler device for your authentication method. See the NetScalerproduct documentation for specific details.

NOTE

The screen examples within these procedures have been captured from Citrix NetScaler VPX (version NS 11.0).See the product documentation for your version of the NetScaler device for specific procedures.

Table 6: Steps for configuring the Citrix NetScaler device for VIP Enterprise Gateway

Step Task

1 Add an LDAP Authentication server and authentication policy.Adding LDAP Authentication Server and Policy for enabling first-factor authentication

2 Configure RADIUS authentication for the authentication method you require:• Configuring RADIUS Authentication using User ID - Security Code• RADIUS Authentication using User ID - LDAP Password - Security Code

3 Test the integration.Testing the Integration

Adding LDAP Authentication Server and Policy for enabling first-factorauthenticationBefore you can integrate the VIP Integration Code with Citrix NetScaler device for second-factor authentication, you mustenable first-factor authentication. Complete the following steps to add an LDAP Authentication server and authenticationpolicy to enable first-factor authentication:

• Adding the LDAP Authentication Server• Adding the LDAP Authentication Policy

10


Adding the LDAP Authentication ServerPerform the following steps to add the LDAP Authentication Server:

1. In the navigation pane, expand System > Authentication and select LDAP.

2. From the Servers tab, click Add.

3. In the Create Authentication Server dialog box, type a name for the server in the Name field (For example,NetScaler_AD).

4. In the Server section, enter the following:

• IP address for the LDAP server• Port• Time-out value in seconds

5. Under Connection Settings, enter the Base DN, Administrator Bind DN, and Administrator Password. Confirm yourAdministrator Password.

6. Under Other Settings, enter the Server Logon Name Attribute, Search Filter, Group Attribute, and Sub AttributeName.

7. For Security Type, select Plain Text, and select the Authentication and User Required fields check boxes.

8. Click Create.

Adding the LDAP Authentication PolicyPerform the following steps to add the LDAP Authentication Policy:

1. From the Policies tab, click Add.

2. In the Create Authentication Policy dialog box, type a name for the policy in the Name field.

3. Select the authentication server that you created previously (For example, NetScaler_AD).

4. Under Expression, you can add your own expression according to the policy.

NOTE

For test purposes only, ns_true was added as the Expression. Add the appropriate policy according to yourenterprise requirements.

5. Click Create.

Configuring RADIUS Authentication using User ID - Security CodeConfiguring RADIUS authentication for User ID - Security Code requires two steps:

• Step 1. Adding the RADIUS Authentication Policy and Server• Step 2. Configuring NetScaler Gateway Virtual Server

Step 1. Adding the RADIUS Authentication Policy and Server1. In the navigation pane, expand System > Authentication and select RADIUS. If you use Citrix NetScaler 12.1,

expand System > Authentication > Basic Policyand select RADIUS.

2. From the Policy tab, click Add. The Create Authentication RADIUS Policy page is displayed.

3. In the Create Authentication Policy box, type a name for the policy in the Name field.

4. From the Server drop-down list, select the + option to add VIP RADIUS server.

11


5. In the Create Authentication RADIUS Server dialog box, type a name for the server in the Name field.

6. In the Server section, specify values for each of the following parameters:

Field Action

IP Address Enter the IP address of the Validation Server.Port Enter the port number of the Validation Server.Time-out Enter a value in seconds.

Note: If you integrate out-of-band authentication (SMS, Voice, or Push), set the Time-outfield to a minimum value of 60 seconds to avoid authentication failures.

Secret Key Enter the secret key and confirm it. Be sure that the Secret Key and the VIP RADIUS SharedSecret Key are the same.

12


7. Click Create to create the RADIUS Server.

8. In the Create Authentication RADIUS Policy page, under Expression, you can add your own expression according tothe policy.

NOTE

For test purposes only, ns_true is added as the Expression. Add the appropriate policy according to yourenterprise requirements.

9. Click Create.

Step 2. Configuring NetScaler Gateway Virtual Server1. In the navigation pane, expand NetScaler Gateway > Virtual Servers, and click Add to new virtual server or Open

the existing virtual server.

2. Ignore Step 2 to Step 4 if the LDAP server is already configured as the primary authentication server.

3. Under the Authentication section, click the + option.

4. From the Choose Policy drop-down list, select LDAP as the Policy and Primary as the Type, and click Continue.

5. Click Bind to select your LDAP policy and then click Insert.


7. From the Choose Policy drop-down list, select RADIUS as the Policy and Secondary as the Type, and clickContinue.

8. Click Bind to select your RADIUS policy and then click Insert.

9. Click OK.

.

RADIUS Authentication using User ID - LDAP Password - Security CodeConfiguring RADIUS authentication for User ID - LDAP Password - Security Code requires two steps:

13


• Step 1. Adding the Authentication Policy and Server• Step 2. Configuring NetScaler Gateway Virtual Server

Step 1. Adding the Authentication Policy and Server1. In the navigation pane, expand System > Authentication, and select RADIUS. If you use Citrix NetScaler 12.1,

expand System > Authentication > Basic Policyand select RADIUS.

2. From the Policy tab, click Add. The Create Authentication RADIUS Policy page is displayed.

3. In the Create Authentication Policy box, type a name for the policy in the Name field.

4. From the Server drop-down list, select the + option to add VIP RADIUS server.

5. In the Create Authentication Policy dialog box, type a name for the policy in the Name field.

6. From the Server field, select the server that you created previously (For example, VIP_Server_1).

7. In the Create Authentication Server dialog box, type a name for the server in the Name field.

14


8. In the Server section, specify values for each of the following parameters:

Field Action

IP Address Enter the IP address of the Validation Server.Port Enter the port number of the Validation Server.Time-out Enter a value in seconds.

Note: If you integrate out-of-band authentication (SMS, Voice, or Push), set the Time-out fieldto a minimum value of 60 seconds to avoid authentication failures.

Secret Key Enter the secret key and confirm it. Be sure that the Secret Key and the VIP RADIUS SharedSecret Key are the same.

9. Click Details to expand the advanced configuration and enter a value in the Group Attribute Type field. The valuemust match the RADIUS Mapping Attribute value that you entered when configuring the RADIUS–LDAP mapping inthe VIP Enterprise Gateway Validation server. Ignore this step if you do not want to authorize a user based on theLDAP group.

15


NOTE

In this example, the Validation server RADIUS Mapping Attribute is selected as Class. The Class value of25 was entered as the Group Attribute Type in the Citrix authentication server. Refer to the RFC for theRADIUS attribute numeric value.

10. On the Create Authentication RADIUS Policy page, under Expression, you can add your own expression according tothe policy.

NOTE

For test purposes only, ns_true was added as the Expression. Add the appropriate policy according to yourenterprise requirements.

16


11. Click Create.

Step 2. Configuring NetScaler Gateway Virtual Server1. In the navigation pane, expand NetScaler Gateway > Virtual Servers.

2. Click Open the existing virtual server. If any other server is configured as the primary server, remove it.


4. From the Choose Policy drop-down list, select RADIUS as the Policy and Primary as the Type, and click Continue.

5. Click Bind to select your RADIUS policy and then click Insert.

6. Click OK.

Testing the IntegrationThis section describes the procedures for testing the integration of Citrix NetScaler with Symantec VIP. An authenticationmethod can integrate the following verification mechanisms:

• Hardware and VIP Access Credential: In this method, the security code that you generate on your hardware or VIPAccess credential is used with your user name and password to access the protected resources.

• SMS/Voice: If you have configured out-of-band (OOB) authentication in the VIP Enterprise Gateway Validation serverand in VIP Manager, then a security code is sent to your registered mobile device over SMS or Voice. You must usethis security code besides the user name and password to access the protected resources.

• VIP Access Push: For users who have installed VIP Access on their registered mobile devices, VIP Service sends aVIP Push notification message to the mobile device. The user must tap Allow on the device to perform the second-factor authentication and complete the sign-in.

To test the integration, you can access Citrix Access Gateway in the following ways:

• Browser-based logon• Plug-in-based logon

Each authentication method contains instructions to access Citrix Access Gateway.

Refer to the following topics for details on testing the integration, based on the authentication method and verificationmechanism:

17


Table 7: Procedures for testing the integration based on authentication method and verification mechanism

Authentication Method Verification Mechanism

Authentication Method 1: User ID – Security Code • Hardware and VIP Access Credential Authentication• SMS/Voice Authentication• VIP Access Push Authentication

Authentication Method 2: User ID – LDAP Password – SecurityCode

• Hardware and VIP Access Credential Authentication• SMS/Voice Authentication• VIP Access Push Authentication

Authentication Method 1: User ID – Security CodeRefer to the appropriate topic for details on testing a User ID - Security Code integration with the following verificationmechanisms:


Hardware and VIP Access Credential Authentication1. Access the logon page as follows:

• For browser-based logon: Access the Citrix Access Gateway Virtual Server (For example, https://mycitrix.com).The following page is displayed:

• For plug-in-based logon: Double-click the Access Gateway Plug-in icon. The Citrix Access Gateway window isdisplayed.

18

https://mycitrix.com


2. Enter the user name and password.

NOTE

For details on customization, refer to the appropriate topic:

Customizing the logon page for Citrix NetScaler 11.0

Customizing the logon page for Citrix NetScaler 10.x

3. Update the Security Code (or Secondary password) field as follows:

• For browser-based logon: Enter the security code that you generate on your hardware or VIP Access credential.• For plug-in-based logon: Right-click for advanced options to enable the Secondary password field, and then enter

the security code that you generate on your hardware or VIP Access credential.

4. Click Log On for browser-based logon (or click Connect for plug-in-based logon). After successful authentication, youcan access the protected resources.

SMS/Voice Authentication1. Access the logon page as follows:

• For browser-based logon: Access the Citrix Access Gateway Virtual Server (For example, https://mycitrix.com).The logon page is displayed.


19





• For browser-based logon: Enter Push or Send.• For plug-in-based logon: Right-click for advanced options to enable the Secondary password field, and then enter

Push or Send.NOTE

The keywords Push and Send are not case-sensitive.

4. Click Log On for browser-based logon (or click Connect for plug-in-based logon). If the credentials are correct, youreceive a security code over SMS or Voice on your registered mobile device and the Challenge page is displayed.

5. In the Enter Your Security Code field, enter the security code that you received on your device.

6. Click Submit for browser-based logon (or click Send Response for plug-in-based logon). After successfulauthentication, you can access the protected resources.

VIP Access Push Authentication1. Access the logon page as follows:





• For browser-based logon: Enter Push or Send.• For plug-in-based logon: Right-click for advanced options to enable the Secondary password field, and then enter

Push or Send.NOTE

The keywords Push and Send are not case-sensitive.

4. Click Log On for browser-based logon (or click Connect for plug-in-based logon). If the credentials are correct, youreceive a Push notification on your registered mobile device.

5. Tap Allow on your device to complete the authentication. After successful authentication, you can access theprotected resources.

Authentication Method 2: User ID – LDAP Password – Security CodeRefer to the appropriate topic for details on testing a User ID - LDAP Password - Security Code integration with thefollowing verification mechanisms:


Hardware and VIP Access Credential Authentication1. Access the logon page as follows:


20





2. Update the following fields:

• Enter the user name.• In the Password + Security Code field for browser-based logon (or Password field for plug-in-based logon), enter

the password, followed by the security code that you generate on your hardware or VIP Access credential.NOTE

In case of plug-in-based logon, do not right-click for advanced options to enable the Secondary passwordfield. You must enter the password, followed by the security code in the Password field.

3. Click Log On for browser-based logon (or click Connect for plug-in-based logon). After successful authentication, youcan access the protected resources.

SMS/Voice Authentication1. Access the logon page as follows:

• For browser-based logon: Access the Citrix Access Gateway Virtual Server (For example, https://mycitrix.com).The following logon page is displayed.

21





3. Click Log On for browser-based logon (or click Connect for plug-in-based logon). If the credentials are correct, youreceive a security code over SMS or Voice on your registered mobile device and the Challenge page is displayed.

4. In the Enter Your Security Code field, enter the security code that you received on your device and click Submit.After successful authentication, you can access the protected resources.

VIP Access Push Authentication1. Access the logon page as follows:

• For browser-based logon: Access the Citrix Access Gateway Virtual Server (for example, https://mycitrix.com).The logon page is displayed.



3. Click Log On for browser-based logon (or click Connect for plug-in based logon). If the credentials are correct, youreceive a Push notification on your registered mobile device.

4. Tap Allow on your device to complete the authentication. After successful authentication, you can access theprotected resources.

22



Integrating VIP JavaScript with Citrix NetScaler

VIP JavaScript supports the following verification methods:

• Push authentication• SMS/Voice-based security code• Email-based security code• Device fingerprint• Registered computer (RC)• Intelligent Authentication (Risk-based)

Complete the following general steps to integrate VIP JavaScript with Citrix NetScaler:

Table 8: Procedures for integrating VIP JavaScript with Citrix NetScaler

Step Task

1 Ensure that you meet the prerequisites.Prerequisites

2 Configure the VIP JavaScript.Configuring VIP JavaScript with VIP components

3 Configure your Self Service Portal.Self Service Portal configuration

4 Integrate the VIP JavaScript with your Citrix NetScaler device.Integrating the VIP JavaScript code with your Citrix NetScaler device

5 Test the integration.Testing the JavaScript integration

PrerequisitesBefore you configure VIP JavaScript, you must complete the installation and configuration of the VIP integration module.

See Integrating the Symantec VIP integration module with Citrix NetScaler.

If the VIP RADIUS Enterprise Gateway server is integrated with the Citrix NetScaler server, you must disable the AccessChallenge feature in the VIP Enterprise Gateway Validation server. See the VIP Enterprise Gateway Installation andConfiguration Guide.

Configuring VIP JavaScript with VIP componentsYou must configure the VIP Policy in VIP Manager. See the Symantec VIP Intelligent Authentication Enterprise IntegrationGuide (IA_Enterprise_Integration.pdf), available from the Account > Download Files > Intelligent Authentication link in VIPManager.

If the user’s logon ID is different from the user’s ID registered in the cloud, you must enable the enterprise logon IDmapping feature in VIP Manager. For example, a user’s logon ID may be the samAccountName [domain\user] and theuser may be registered as userprincipal name [[email protected]].

23


To enable the enterprise logon ID mapping feature, do the following:

1. Log into VIP Manager.

2. Click the Policies tab. The VIP Policy Configuration page is displayed.

3. Click the Components sub-tab.

4. Click the Edit link and select Yes for the Enable enterprise logon ID mapping option.

Self Service Portal configurationThe Self-Service Portal is a cloud-based web application. Your users can use this application to register, test, reset, orremove credentials from their accounts. You can configure VIP Enterprise Gateway to provide secure access for yourusers to the Self-Service Portal, and for your administrators to VIP Manager.

You can either configure SSP IdP in VIP Enterprise Gateway or SSP IdP Proxy to configure Intelligent Authentication(IA) and out-of-band authentication such as email, SMS, Voice OTP. Refer the VIP Enterprise Gateway Installation andConfiguration Guide to configure SSP IdP or SSP IdP proxy component.

For either case, you must provide the correct URL:

• If you plan to use the Self Service Portal IdP for JavaScript integration, use the following URL format to generate theVIP Integration Code:https://<Your_SSP_IDP_FQDN>:8233/vipssp/login

• If you plan to use the Self Service IdP Proxy for JavaScript integration, you must provide the explicit path to your SelfService Portal IdP Proxy (in the DMZ). For example:https://<SSP_IDP_Proxy_FQDN>/dmzssp/DmzListener

Integrating the VIP JavaScript code with your Citrix NetScaler deviceTo integrate the VIP JavaScript code with your Citrix NetScaler device, you must insert the VIP JavaScript IntegrationCode into your Citrix NetScaler logon page. Refer to the appropriate procedures, based on your version of CitrixNetScaler:

• Integrating JavaScript with Citrix NetScaler 10.x• Integrating JavaScript with Citrix NetScaler 11.0• Integrating JavaScript with Citrix NetScaler 11.1/12.1

Integrating JavaScript with Citrix NetScaler 10.xComplete the following general steps to generate JavaScript code from VIP Manager, and update the Citrix NetScalersign-in page:

• Task 1: Generating JavaScript code from VIP Manager• Task 2: Updating the Citrix NetScaler Sign-in page

24


Task 1: Generating JavaScript code from VIP ManagerPerform the following steps in VIP Manager:

1. Log into VIP Manager and navigate to Account > VIP Policy Configuration > Account > Edit.

2. Click the VIP Integration Code for JavaScript link to generate code.

3. If Citrix NetScaler is configured with the User ID – LDAP Password – Security Code authentication mode, select theSimplified method to generate the VIP integration code.

4. If Citrix NetScaler is configured with the User ID – Security Code authentication mode, select the Manual method.Then, you must select the User ID – Security Code authentication mode to generate the VIP integration code. If youare unsure about the value for the user name, password, security code, and form name fields, use the followingvalues:

• User Name Field Name: login• Password Field Name: passwd• Security Code Field Name: passwd1• Form Name: Log_On

Task 2: Updating the Citrix NetScaler Sign-in pagePerform the following steps to update the sign-in page of the module:

1. Back up the Citrix NetScaler Sign-In page (/Netscaler/ns_gui/vpn/index.html).

2. If you generate the VIP integration code for the Citrix NetScaler module that is configured with the User ID – LDAPPassword – Security Code authentication mode, copy the VIP integration code that you have generated in VIPManager. Paste it just before the </BODY> tag at the end of the index.html file.

3. If you generate the VIP integration code for the Citrix NetScaler module that is configured with the User ID – SecurityCode authentication mode, do the following:

• Copy the VIP integration code that you have generated in VIP Manager. Paste it just before the </BODY> tag at theend of the index.html file.

• In the login.js file, add the code that is highlighted in the following sample code to hide the password2 field:<SPAN style="display:none" class=CTXMSAM_LogonFont>' + _("Password2")

+ '</SPAN></TD> <TD colspan=2 style="padding-right:8px;">

<input class=CTXMSAM_ContentFont type="Password" title="' + _

("Enter password") + '" name="passwd1" id="passwd1"

size="30" maxlength="32" style="display:none"

style="width:100%;"></TD></TR>');

NOTE

The password2 field is filled automatically after the JavaScript integration with the Citrix NetScalermodule.

Integrating JavaScript with Citrix NetScaler 11.0Complete the appropriate steps to generate JavaScript code from VIP Manager, and update the Citrix NetScaler sign-inpage. The procedures you follow vary, depending upon your authentication method:

• Citrix NetScaler 11.0 configured with User ID – Security Code Validation server• Citrix NetScaler 11.0 configured with User ID – LDAP Password – Security Code Validation server

25

Citrix NetScaler 11.0 configured with User ID – Security Code Validation serverPerform the following steps if you have configured Citrix NetScaler 11.0 with User ID – Security Code Validation server:

1. Open the /netscaler/vpn_gui/vpn/Index.html file and paste the following JavaScript code before the </head> tags.



<script type="text/javascript" src="https://userservices.vip.

symantec.com/vipuserservices/resources/js/v_1_0/vip?appId=<APPID>&idpURL=https://<SSP_IDP OR Proxy_URL>">

</script>

<script type="text/javascript">

function vipAuth()

{

var securitycodeField = $('[name="passwd1"]');

var passwordField = $('[name="passwd"]');

var formName = 'vpnForm';

var usernameField = $('[name="login"]');

var username = usernameField.val();

var password = passwordField.val();

try{ if (username && password) {

vip.genTicket({user:username, password:password}, function(success, ret)

{

try{ if (success) {

securitycodeField.val(ret.ticket);

document.forms[formName].onsubmit=function (event){return true;};

document.forms[formName].submit(); }

else {alert("Fail; " + ret.toString());} }

catch(e){alert("In callback");}

}); } }

catch(e){ alert(e); }

return false;

}

</script>



2. In the JavaScript code, update the APPID and SSP_IDP OR Proxy_URL values as follows:

• APPID: Get the APPID from the VIP Manage Policy Configuration page. To get the APPID, do the following:– Log on to VIP Manager and navigate to Account > VIP Policy Configuration > Account > Edit.– Click the VIP Integration Code for JavaScript link to generate the code, select Simplified as the method to

generate the integration code. The APPID displays.• SSP_IdP OR Proxy_URL: Based on your requirements, you can configure either Self Service Portal IdP or Self

Service IdP Proxy.See Self Service Portal configuration.

3. Open the /netscaler/vpn_gui/vpn/js/gateway_login_form_view.js file and do the following:

• Search for the following code, and then add 'onClick':'return vipAuth();' at the appropriate place in the code:var Login = $ ("input type='submit'></input>").attr

({'id':'Log_on','value': 'Log On',

'class': 'custombutton login_page', 'disabled':

'disabled'}).appendTo(right_loginbutton);

For example,var Login = $ ("input type='submit'></input>").attr

26

({'id':'Log_on','value': 'Log On',

'class': 'custombutton login_page','disabled':

'disabled','onClick':'return vipAuth();'}).

appendTo(right_loginbutton);}). appendTo(right_loginbutton);

• Search for the following code, and then add "style":"display:none;" at the appropriate place in the code to hidethe password2 field:var enter_passwd2 = $ ("<input type='password'></input>").

attr({'id':'passwd1','class':'prePopulatedCredentials',

'autocomplete':'off', 'spellcheck' : 'false', 'name' :'passwd1',

'size':'30', 'maxlength' : '127',"width":"180px"})

For example,var enter_passwd2 = $ ("<input type='password'></input>").

attr({'id':'passwd1','class':'prePopulatedCredentials',

'autocomplete':'off', 'spellcheck' : 'false', 'name' :'passwd1',

'size':'30', "style":"display:none;", 'maxlength' : '127',

"width":"180px"})

• Search for the following code, and then add $(password2).hide(); next to the code:var password2 = $("<span></span>").addClass

('plain input_labels form_text'). attr("id","Password2");

For example, var password2 = $("<span></span>").addClass

('plain input_labels form_text'). attr("id","Password2"); $(password2).hide();

4. Save the changes.

Citrix NetScaler 11.0 configured with User ID – LDAP Password – Security Code ValidationserverPerform the following steps if you have configured Citrix NetScaler 11.0 with User ID – LDAP Password – Security CodeValidation server:

1. Open the netscaler/vpn_gui/vpn/Index.html file and paste the following JavaScript code before the </head> tags.

<script type="text/javascript" src=

"https://userservices.vip.symantec.com/vipuserservices/resources/

js/v_1_0/vip?appId=<APPID>&idpURL=https://<SSP_IDP OR Proxy_URL>">

</script>


function vipAuth()

{

var passwordField = $('[name="passwd"]');

var formName = 'vpnForm';

var usernameField = $('[name="login"]');



try{ if (username && password) {

vip.genTicket({user:username, password:password}, function(success, ret)

{

try{ if (success) {

passwordField.val(password + ret.ticket);

document.forms[formName].onsubmit=function (event){return true;};

document.forms[formName].submit(); }

27

else {alert("Fail; " + ret.toString());} }

catch(e){alert("In callback");}

}); } }

catch(e){ alert(e); }

return false;

}

</script>



2. In the JavaScript code, update the APPID and SSP_IDP_Proxy_URL values as follows:

• APPID: Get the APPID from the VIP Manage Policy Configuration page. To get the APPID, do the following– Log on to VIP Manager and navigate to Account > VIP Policy Configuration > Account > Edit.– Click the VIP Integration Code for JavaScript link to generate the code, select Simplified as the method to



3. Open the /netscaler/vpn_gui/vpn/js/gateway_login_form_view.js file and do the following:

• Search for the following code, and then add 'onClick':'return vipAuth();' at the appropriate place in the code:var Login = $("<input type='submit'>,/input>").attr

({'id':'Log_On','value':'Log On','class':'custombutton

login_page','disabled':'disabled'}). appendTo(right_loginbutton);

For example,var Login = $("<input type='submit'>,/input>").attr

({'id':'Log_On','value':'Log On','class':'custombutton

login_page','disabled':'disabled'}). 'onClick':'return

vipAuth();'}).appendTo(right_loginbutton);

4. Save the changes.

Integrating JavaScript with Citrix NetScaler 11.1/12.1See the appropriate topics for procedures on integrating the VIP JavaScript Integration Code with Citrix NetScaler11.1/12.1, based on the Validation server you configured:

• Citrix NetScaler 11.1 configured with User ID – Security Code Validation server• Citrix NetScaler 11.1/12.1 configured with User ID - LDAP Password - Security Code Validation server• Citrix NetScaler 12.1 configured with User ID - Security Code Validation server using nFactor authentication with VIP

Integration Code for JavaScript

Citrix NetScaler 11.1 configured with User ID – Security Code Validation serverPerform the following steps if you have configured Citrix NetScaler with User ID – Security Code Validation server:

1. Open the /netscaler/ns_gui/vpn/Index.html file and paste the following JavaScript code before the </head> tags.


$(document).ready(function() {

$.getScript("https://userservices.vip.symantec.com/vipuserservices/

resources/js/v_1_0/vip?appId=<APPID>&idpURL=<SSP_IDP OR Proxy_URL>&autoIntegration=manual");

});

28

Citrix NetScaler 11.1/12.1 configured with User ID - LDAP Password - Security Code ValidationserverPerform the following steps if you have configured Citrix NetScaler 11.0/12.1 with User ID - LDAP Password - SecurityCode Validation server:

1. Open the Index.html file (located at /netscaler/ns_gui/vpn/) and paste the following JavaScript code before the </head> tags.



$.getScript("https://userservices.vip.symantec.com/vipuserservices/

resources/js/v_1_0/vip?appId=<APPID>&idpURL=<SSP_IDP OR Proxy_URL>&autoIntegration=manual");

});


if (document.getElementById('Enter user name') &&

document.getElementById('passwd')) {

vipIaIntegrationProperties.setUsernameFieldName

(document.getElementById('Enter user name').getAttribute("name"));

vipIaIntegrationProperties.setPasswordFieldName

(document.getElementById('passwd').getAttribute("name"));

vipIaIntegrationProperties.setFormName('vpnForm');

}

}

</script>


2. In the JavaScript code, update the APPID and SSP_IDP Or Proxy_URL values as follows:


generate the integration code. The APPID displays.– SSP_IdP OR Proxy_URL: Based on your requirements, you can configure either Self Service Portal IdP or Self


Citrix NetScaler 12.1 configured with User ID - Security Code Validation server using nFactorauthentication with VIP Integration Code for JavaScriptYou can configure VIP to support nFactor authentication in Citrix NetScaler using the VIP Integration Code for JavaScript.nFactor authentication lets you configure what type of authentication your users must perform, based on criteria youdefine. For detailed information about Citrix nFactor authentication, see the Citrix documentation.

Perform the following steps to configure nFactor authentication on Citrix NetScaler 12.1 using the VIP Integration Codefor JavaScript. nFactor authentication with VIP Integration Code for JavaScript is only supported if you configure yourValidation server in User ID - Security Code mode. Additionally, selective multi-factor authentication is not supported.

Optionally, you can natively integrate native nFactor authentication support with Citrix NetScaler.

30


See Configuring native nFactor authentication support for VIP.

1. Open the tmindex.html file (located at var/netscaler/logon/LogonPoint/) and paste the following JavaScriptcode before the </body> tags.<script>

//var isSubmitted = false;


var localization = $.localization;

$(document).ajaxStop(function() {

if ($('#Logon').length==1) {

$('.form-container .credentialform').attr('name','VipSignin_Form');

// change the place of original submit button to avoid any conflict

and hide it

$('#Logon').hide();

a = $('.credentialform a#Logon').detach();

a.appendTo('.form-container');

// Hide security code field and label

$('.CredentialTypepassword').eq(1).css('display', 'none');

// append a fake submit button

$('.form-container .credentialform .buttonscontainer').prepend

('<input id="customLogon" type="submit" value="Submit" style=

"float:left; font-size:12px; padding: 3px 7px;">');

//include the vip script

$.getScript("https://userservices.gqa.vip.symc.io/vipuserservices/

resources/js/v_1_0/vip?appId=<APPID>&idpURL=https://<SSP_IDP OR

Proxy_URL>&autoIntegration=manual");

}

});


var usernameField = $('#login');

var passwordField = $('#passwd1');

var otpField = $('#passwd');

var formName = 'VipSignin_Form';



var butSubmit = $('#Logon');

if (username && password && isSubmitted) {

console.log(username);

console.log(password);

vip.genTicket({user:username, password:password}, function

(success, ret) {

try{

31


if (success) {

passwordField.val(password);

otpField.val(ret.ticket);

$('#customLogon').attr("disabled", "disabled");

$("#Logon")[0].click();

return false;

}

else {

if(typeof console != "undefined" && typeof console.log

!= "undefined") {

console.log("GenTicket failed " + ret.toString());

}

}

} catch(err) {

if(typeof console != "undefined" && typeof console.log

!= "undefined") {

console.log('ERROR: Unable to generate ticket');

}

}

});

}

return false;

}

// to make sure submit button is clicked

$(document).on('click', '#customLogon', function(e) {

e.preventDefault();

$.localization = localization;

isSubmitted = true;

return vipAuth();

});

});

</script>

2. In the JavaScript code above, update the APPID and SSP_IDP Or Proxy_URL values as follows:

• APPID: Get the APPID from the VIP Manage Policy Configuration page:– Log on to VIP Manager and navigate to Account > VIP Policy Configuration > Account > Edit.– Click VIP Integration Code for JavaScript to generate the code and select Simplified as the method to

generate the integration code. The APPID displays.• SSP_IdP OR Proxy_URL: Based on your requirements, you can configure either Self Service Portal IDP or Self


32


Testing the JavaScript integrationPerform the following steps to test the JavaScript integration:

1. Access the Citrix NetScaler VPN URL.

2. Enter a valid user name and password.

3. Click Continue. The Confirm Your Identity window is displayed.

4. Enter a valid security code.

5. Select the Remember this private device check box, and click Continue.

You can access the protected resource after successful authentication. The next time that you log on, you will not beprompted for the security code as you have opted to remember the device.

33


Advanced configurations for online authentication

You can add functionality to your Symantec VIP integration with Citrix NetScaler by performing some advancedconfigurations. The following advanced configurations are available for your integration:

• Configuring native nFactor authentication support for VIP• Supporting selective two-factor authentication for a specific set of users• Customizing the logon page for Citrix NetScaler 11.0• Customizing the logon page for Citrix NetScaler 10.x

Configuring native nFactor authentication support for VIPYou can configure VIP to natively support nFactor authentication in Citrix NetScaler. nFactor authentication lets youconfigure what type of authentication your users must perform, based on criteria you define. For example, you can requireone authentication factor or two-step verification. If you require two-step verification, you can choose the type of two-stepverification to require, such as VIP Access Push or security codes. Additionally, you can configure nFactor to select theauthentication factor based on the previous authentication factor, and configure the order in which they are applied.

For detailed information about Citrix nFactor authentication, see the Citrix documentation.

Optionally, you can integrate nFactor authentication support with Citrix NetScaler using the VIP Integration Code forJavaScript .

See Citrix NetScaler 12.1 configured with User ID - Security Code Validation server using nFactor authentication with VIPIntegration Code for JavaScript.

To configure VIP to support nFactor authentication, follow these steps. Your Citrix NetScaler integration prompts theuser for the level of authentication based on the AD user group to which they belong; single factor (user name andpassword), or two-step verification through VIP. If the user group requires two-step verification, VIP prompts the userfor the authentication method available to the user, such as VIP Access Push, SMS, or a Voice call. Users in this groupalways have the option of entering security codes for two-step verification.

• nFactor authentication support considerations• Configuring VIP to natively support nFactor authentication• Test nFactor authentication support

nFactor authentication support considerationsNote the following before configuring VIP with nFactor authentication:

• nFactor authentication with VIP supports RADIUS only for most use cases. nFactor authentication with VIP issupported for JavaScript integrations only in Citrix NetScaler 12.1 configured with a User ID - Security Code Validationserver.See Citrix NetScaler 12.1 configured with User ID - Security Code Validation server using nFactor authentication withVIP Integration Code for JavaScript.

• nFactor authentication with VIP does not support User ID – LDAP Password – Security Code authentication.• The procedures that are described here use command-line input. Although these steps can be done in the Citrix

NetScaler portal, using the command line is typically easier.

Configuring VIP to natively support nFactor authenticationComplete the following procedures to configure VIP to natively support nFactor authentication:

34


1. Download the Citrix_Netscaler.zip file from the Account > Download Files > Third_Party_Integrations > EnterpriseGateway 9.8 link in VIP Manager and extract the contents to a temporary directory.

2. Create a Validation server in VIP Enterprise Gateway:

• Log on to VIP Enterprise Gateway and click the Validation tab.• Click Add Server. The Add RADIUS Validation server dialog box is displayed.• Configure the RADIUS validation parameters:

– Vendor: Select Citrix Systems.– Application Name: Select Citrix NetScaler.– Authentication Mode, select UserID – Security code.

• Click Continue to add the Validation server.

3. Create a group in your AD or LDAP and add any users that require two-step verification. You need this group name inlater in these procedures.

These procedures use the group name 2FA_Required, but you can use any name you choose.

4. Locate the following files from the nFactor subdirectory of the temporary location where you extracted theCitrix_Integration.zip file earlier in these procedures. Copy the XML files to the /flash/nsconfig/loginschema/LoginSchema/ directory on the computer running Citrix NetScaler. These files configure your CitrixNetScaler server to apply the policies you create in the next step to the AD group you created in the previous step.Each file enforces a different authentication scheme:

• Nopwd.xml: Allows users to sign in without entering a password, and without two-step verification.• Passwd1.xml: Requires users to enter a password when they sign in, without two-step verification.• DualAuth_Flipped_new.xml: Enforces two-step verification, and requires users to enter a password when they

sign in.

5. In a standard text editor, modify the nFactor_authentication_query file in the nFactor subdirectory of thetemporary location where you extracted the Citrix_Integration.zip file earlier in these procedures. Edit thehighlighted fields to match your AD or LDAP and VIP Enterprise Gateway environment. You need the followinginformation:

Value to Replace Description

<Authentication_Virtual_Server_ip> IP address of the Authentication server that is used for nFactor authentication.<Name of the SSL Virtual server certificate> Subject Name of your SSL certificate for your Authentication server.<LDAP server_IP> IP address of your AD server or LDAP server.

35


Value to Replace Description

<baseDN> Base DN of your AD server or LDAP server.<binduser@domaincom> Bind DN of your AD server or LDAP server.<binduser_password> The password for the Bind DN of your AD server or LDAP server.“memberOf=CN=<group_name>,CN=<Users>,dc=<acme>,dc=<com>"

User filter information for your AD server or LDAP server. The group_nameshould be the name of the AD group or LDAP group that you created earlier inthese procedures.

<valserver_IP> IP address of the Validation server.<port_number> Port number on which the Validation server listens.<shared_secret> RADIUS shared secret for the Validation server.

6. From the command line on the computer running Citrix NetScaler, run the modified nFactor_authentication_query.Make sure that the entire query updated successfully.

Test nFactor authentication supportTest the integration by logging into the nFactor Authentication Virtual Server.

1. On the logon screen, enter a test user name and click Log On.

2. Enter the password for the test user and click Submit.

36


3. Based on your VIP configuration and the credential type that is assigned to the test user, you are prompted for theappropriate two-step verification method:

• For a test user with the VIP Access app, VIP sends a Push request to the test mobile device. Approve the Pushrequest to log on.

• If VIP is configured for SMS or Voice Calls, VIP sends an SMS message or voice call containing a security code tothe mobile device of the test user. If VIP is configured for any other two-step verification method, or the credential isa physical token or VIP Security Card, generate a security code.Enter the security code and click Submit to log on.

Supporting selective two-factor authentication for a specific set ofusersYou can define distinct authentication or authorization policies in your corporate LDAP environment based on userDistinguished Names (DN) or group information. You can selectively provide highly secure two-factor authentication to aset of users. For example, a company can enable two-factor authentication for the system administrators who typicallyhave higher privileges. The rest of the employees of the company may not have to use two-factor authentication.

You can configure Citrix NetScaler in the cascade authentication mode to enable a subset of users for two-factorauthentication.

37


Complete the following steps to configure selective two-step verification:

1. In your organization's LDAP/AD, make sure that you have grouped the users who use two-factor authentication. InCitrix NetScaler, configure the RADIUS and AD/LDAP server.

• In VIP Enterprise Gateway, configure your User Store filter so that the group of users who use VIP authenticationonly can be searched.

• In Citrix NetScaler, configure your LDAP/AD user filter in such a way that the users who authenticate by ADpassword alone can be searched.

2. In the virtual server, add a new server or open the server that you want to update.

3. Navigate to the Authentication tab. Insert the User ID – LDAP Password – Security Code mode VIP RADIUS serverpolicy, followed by the LDAP policy or the AD policy.

38


4. Click Done.

Customizing the logon page for Citrix NetScaler 11.0Perform the following steps to customize the logon page for Citrix NetScaler version 11.0:

1. Log on to the Citrix NetScaler Admin console and navigate to Configuration > NetScaler Gateway > Portal Themes.

2. Click Add to add a new theme. Enter the new theme name, select the theme template (for example, GreenBubble),and then click OK to save the changes.

3. Click OK on the Portal Theme page to save the changes. Then, click Back to return to the Portal Theme page.

4. Select the theme that you created, and click Edit.

5. In Advanced settings, click the Logon page. Then, change the password and password2 field labels according to yourrequirements, and click OK to save the changes.

6. Click the click to bind and view configured theme link to verify the changes, and then click Done.

7. Save the NetScaler configuration.

Customizing the logon page for Citrix NetScaler 10.xTo customize the logon page for Citrix NetScaler version 10.x, refer to the following article:

http://support.citrix.com/article/CTX126206

39

http://support.citrix.com/article/CTX126206


Troubleshooting issues and solutions

The following are some of the common issues that you may encounter during integration, along with typical solutions.

Table 9: Troubleshooting issues

Issues Solutions

The log file contains the error message, Authentication failed withincorrect LDAP static password.

Use any of the following solutions:• The password may be locked or it may have expired. Reset

the password.• Make sure that the RADIUS shared secret set in the VIP

Enterprise Gateway Validation server and the application arethe same.

Authentication fails even before you get the SMS/ Voice securitycode or the Push notification on the registered mobile device.

When configuring the RADIUS Server of the application, set theTime-out field to 20 seconds and Retries to 3. If the Retries fieldis unavailable, set the Time-out field to a minimum of 60 seconds.

In the JavaScript integration, the Don't have a security code linkis not displayed in the Confirm Your Identity window.

Make sure that:• The user in the Active Directory has values for email,

telephone, and mobile attributes to perform out-of-bandauthentication.

• The vipssp application is up and running.• The vipssp application is accessible from the user computer.

40


Copyright statement

Broadcom, the pulse logo, Connecting everything, and Symantec are among the trademarks of Broadcom.

Copyright ©2020 Broadcom. All Rights Reserved.

The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. For more information, please visitwww.broadcom.com.

Broadcom reserves the right to make changes without further notice to any products or data herein to improve reliability,function, or design. Information furnished by Broadcom is believed to be accurate and reliable. However, Broadcom doesnot assume any liability arising out of the application or use of this information, nor the application or use of any product orcircuit described herein, neither does it convey any license under its patent rights nor the rights of others.

41

http://www.broadcom.com

symantec vip integration guide for citrix netscaler

Documents