Create an agent entry in Authentication Manager
- Login to the Security Console.
- Navigate to Access > Authentication Agent and choose Manage Existing or Add New.
- Create a new agent or edit the existing Citrix StoreFront agent, and enter one of the four IP addresses in the IP Address box so it is the main IP address.
- In the Alternate IP Addesses box, enter the other three Citrix StoreFront IPs as alternate IP addresses.
- Enter them one at a time and click Add.
- When done, click Save.
Generate a single node secret for the Citrix StoreFront agent
This single agent will need a node secret that can be shared on all four Citrix StoreFront agents.
- From Authentication Agents page, click the dropdown on this newly edited Citrix agent and click Manage Node Secret.
- Check the option to create a new random node secret, and export the node secret to a file.
- Create an encryption password and confirm it. Note this password for later use.
- Click Save.
- When the <agent_name>_NodeSecret.zip is ready, click Download Now.
- Inside the .zip will be a password-protected file named nodesecret.rec. Note: While the nodesecret.rec file is password protected, the zip file is not.
Load the node secret
- Make sure that agent_nsload.exe and the nodesecret.rec file are on the agent machine, in the ..\Program Files\Common Files\RSA Shared\Auth API directory.
- Run the following command. You may need to Run as Admin to do this, even for the command prompt, then the syntax is
C:\Program Files\Common Files\RSA Shared\Auth API> agent_nsload -f .\nodesecret.rec -d "..\Auth Data"
Enter PASSWORD: <enter the password created above>
Loading node secret . . . .
The Node Secret is successfully loaded
- The node secret is a file named securid that will be in the C:\Program Files\Common Files\RSA Shared\Auth Data directory, with the sdconf.rec file.
- Do a test or two from the RSA Control Center on the Citrix StoreFront to verify successful authentication.
- Repeat steps 1 through 4 on the other StoreFront servers in the HA cluster.