I hope this won't be regarded as advertising (as I'm not charging anything).
I've been into loads of schools in the last few years installing XenApp / XenDesktop and two factor authentication seems pretty rare (despite BECTA saying it was a requirement if SIMS and similar were published). My guess is that this is down to costs - £45 - £110 per user isn't going to fly if you have 100 members of staff and 2,000 kids.
To solve the above I've written a two factor platform that you're welcome to install for free. It works on XenApp/XenDesktop, SonicWall, etc. (pretty much anything). The website is WrightCCS - Citrix two factor authentication
As above, no cost, install it, use it, don't pay for it. It supports hardware tokens (I got mine from Gooze.eu for about 9Euro), software tokens on the iPhone/Android/Blackberry (free), text message (you pay for the texts - the beta version will allow you to use any provider), and in the beta release it also supports voice call authentication (via Twilio).
The admin interface does single signon and runs over the network so you'd install the software and publish it via XenApp (or install it anywhere you want) and logged-on users can update their own details.
If anyone is interested let me know and I'll give you some help to get it installed (free).
That does deserve a thanked post. Would be good to have it for Windows Login as well.
I've never used it but pGina allows you to use RADIUS for Windows Login, so this should work perfectly with SMS2.
If you set up pGina let me know - I'd love to document it and put that on the site for everyone else interested.
Could you provide support for Yubikey as an authentication device?
I'm using it at home, so I'm on a free plan - get unlimited instances and about 1000 sms/calls free
But by using PUSH notifications or the phone app to generate a passcode that's keyed to my account - I don't even use them.
Yubikey should work fine as an authentication device. Using the admin console in SMS2 you can specify a manual OATH-TOTP shared secret, using the Yubikey personalisation tool you can load the same shared secret on your Yubikey.
As I understand it you'd need the Yubikey TOTP application installed on the PC. When you reached an authentication screen (in my case the Citrix Web Interface logon screen) you'd double-click the Yubikey TOTP application in the system tray and it would query the key and paste the correct code into the token box on the screen.
SMS2 will do exactly the same functionality for free. Remote Desktop Services will require either pGina as linked to above (also free) or Microsoft's Threat Management Gateway software.