SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.

RSA integration with StoreFront



I am building new Citrix XenApp 7.15 environment with NetScaler and StoreFront - upgrading from XenApp 6.5 with Web Interface 5.4.

In this environment, the authentication is done on the StoreFront / Web Interface and NetScaler will act as proxy - don't ask me why not using NetScaler for authentication (company security policy).


In Web Interface, when I enable RSA SecuID (Radius authentication), both the RSA and Windows authentication will be on the same page.

However, in StoreFront, when I enable  RSA SeurID, the first logon will be with RSA (with token passcode), followed by Windows (AD).


Please advise on the configuration for making both RSA and Windows authentication to occur on the same page.


i have posted the same question in Citrix, but it seems that the configuration in RSA overrides any other authentication configured in StoreFront and the configuration need to be provided by RSA.

Thanks in advance.

Labels (1)
2 Replies
Apprised Contributor Apprised Contributor
Apprised Contributor

As far as I know you cannot put both PassCode and Windows Password on the same page through the RSA Authentication Agent for Citirx Storefront, but you can use the AM concept of Windows Password Integration to learn each User's Windows Password, and automatically pass it to Windows or AD after the user successfully authenticates with their PassCode.

So one page, with PassCode prompt, which is two factor authentication and if successful triggers a kind of SSO for the Windows Password, which was learned the first time user had both prompts.


Hi Jay,


Thanks for the reply. Unfortunately, there is no integration between RSA and Windows account in my environment - although both use the same naming format, so SSO is a NoNo.


I have opened a support case with Citrix, and the agent told me someone did it before - editing some JS and XML file, but they don't have the slightest idea on which file and line to be edited other than that "someone" open a case with the vendor - which I suppose is RSA.