You are here: Pulse Connect Secure > Pulse Connect Secure Administration Guide > Remote Access > Citrix Templates > Creating Resource Profiles for Citrix Clientless Access

Creating Resource Profiles for Citrix Clientless Access

If you have the Citrix StoreFront, you can create a Web template to allow users to access Citrix applications without the need for a Citrix client. Users must have one of the following browser versions (or later) to support HTML5 and Websockets:

http://www.juniper.net/techpubs/images/note.gif

Note: You can collect all the logs related to this feature using hprewrite-server as the process name.

To create a resource profile using the Citrix template:

  1. Select Users > Resource Profiles > Web in the admin console.
  2. Click New Profile.
  3. Select Citrix StoreFront (HTML Receiver) from the Type list.
  4. Enter a unique name and optionally a description for the Citrix resource profile.
  5. Enter the URL of the Citrix StoreFront Web server in the Base URL field. Use the format: [protocol://]host[:port][/path]. The system uses the specified URL to define the default bookmark for the Citrix resource profile. You may enter a directory URL or a file URL.
  6. Select the Autopolicy: Web Access Control check box to create a policy that allows or denies users access to a specific resource under the Base URL. Enter the full URL of the resource, select Allow or Deny, and click Add. By default, the system automatically creates a policy that enables access to the resource and all of its subdirectories.
  7. Select the Autopolicy: Single Sign-on check box to automatically pass data such as usernames and passwords to the Citrix application. The system automatically adds the most commonly used values to the single sign-on autopolicy.
  8. If you want to perform a form POST when a user makes a request to the resource specified in the Resource field, select the POST the following data check box and specify the following:
    1. In the Resource field, specify the application’s sign-in page, such as: http://my.domain.com/public/login.cgi. Wildcard characters are not supported in this field.

      To automatically post values to a specific URL when an end user clicks on a system bookmark, the resource that you enter here must exactly match the URL that you specify in the Base URL field.

    2. In the Post URL field, specify the absolute URL where the application posts the user’s credentials, such as: http://yourcompany.com/login.cgi. You can determine the appropriate URL using a TCP dump or by viewing the application’s sign-in page source and searching for the POST parameter in the FORM tag.
    3. Select the Deny direct login for this resource check box if you do not want to allow users to manually enter their credentials in a sign-in page. Users may see a sign-in page if the form POST fails.)
    4. Select the Allow multiple POSTs to this resource check box if you want to send POST and cookie values to the resource multiple times if required. If you do not select this option, the system does not attempt single sign-on when a user requests the same resource more than once during the same session.
  1. Optionally specify the following for each item of user data you want to post and click Add:
    • Label—The name used to identify the data.
    • Name—The name used to identify the data in the Value field. The back-end application should expect this name.
    • Value—The value to post to the form for the specified Name. You can enter static data, a system variable, or system session variables containing username and password values.
    • User modifiable?—Select Not modifiable to prevent users from changing the information in the Value field. Select User CAN change value to allow users to specify data for a back-end application. Select User MUST change value if users must enter additional data to access a back-end application. If users can or must change the value, a field for data entry appears on the user’s Advanced Preferences page. This field is labeled using the name in the Label field. If you enter a value in the Value field, this data appears in the field but is editable.
  1. To post header data to the specified URL when a user makes a request to a resource specified in the Resource field, select the Send the following data as request headers check box. Then:
    1. In the Resource section, specify the resources to which this policy applies.
    2. Optionally specify the header data to post by entering data in the following fields and clicking Add:
      • Header name—The text to send as header data.
      • Value—The value for the specified header.
  1. Click Save and Continue.
  2. Select the roles in the Roles tab to which the Citrix resource profile applies and click Add.

    The selected roles inherit the autopolicies and bookmarks created by the Citrix resource profile. If it is not already enabled, the system also automatically enables the Web option in the Users > User Roles > Select_Role > General > Overview page of the admin console and the Allow Java Applets option in the Users > User Roles > Select_Role > Web > Options page of the admin console for all of the roles you select.

  1. Click Save Changes.
  2. (Optional.) Select the Bookmarks tab to modify the default bookmark created by the system and/or create new bookmarks. By default, the system creates a bookmark for the URL defined in the Base URL field and displays it to all users assigned to the role specified in the Roles tab.

Related Topics