Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

Pass Post ESP Client Authentication Mode

This article relates to LoadMaster firmware version 7.2.53.

In LoadMaster firmware version 7.2.53, a new Edge Security Pack (ESP) Client Authentication Mode was introduced called Pass Post. You can set the Client Authentication Mode by going to Virtual ServicesView/Modify Services > click Modify on the relevant Virtual Service, expand the ESP Options section and ensure ESP is enabled.

In older firmware versions, clients using Citrix StoreFront/Citrix Virtual Apps & Desktops had to manually launch and log in to their Citrix Workspace App (or its predecessor Receiver) before entering the LoadMaster workflow for accessing their Virtual Desktop Infrastructure (VDI). With this change introduced in 7.2.53, users with valid credentials using the Workspace client app can successfully log in (using Single Sign On (SSO)) using POST-based authentication on the client side and Form Based Authentication (FBA) on the server side and access is granted to the VDI workspace.

For further details on Citrix StoreFront, including how to use the Kemp template to easily create the required Virtual Services with the recommended settings, refer to the following document: Citrix StoreFront for Virtual Apps and Desktops Deployment Guide.

For further details on ESP in general, refer to the following Long Term Support (LTS) document: ESP Feature Description.

RESTful Application Programming Interface (API) Details

To set the InputAuthMode (Client Authentication Mode) parameter to 7 (Pass Post) using the RESTful API for an existing Virtual Service, you can run the modvs command. For example:

/access/modvs?vs=<VirtualServiceAddress>&port=<VirtualServicePort>&prot=<tcp/udp>&inputauthmode=7

You can also add a new Virtual Service with the InputAuthMode set to 7 by running the addvs command. For example:

/access/addvs?vs=<VirtualServiceAddress>&port=<VirtualServicePort>&prot=<tcp/udp>&espenabled=1&inputauthmode=7

You can also set the InputAuthMode to 7 for SubVSs. For example:

/access/modvs?InputAuthMode=7&vs=<SubVSIndex>

To retrieve the Index, run the listvs command. For example:

/access/listvs


Comments