To add to Alex's responses.

jacmarpet;262045 Wrote:
> Hello,
> A very large project is coming up and quite a few requirements are
> listed. I hope some of your can help me answer some of them.
> 1. It is it possible for NAM to grant a user access towards the Citrix
> client? After authenticating via the Citrix web login, the Citrix
> application on the users PC knows the user is authenticated. Is it
> possible for NAM to integrate, or authenticate the user against this
> application? Do you need to code this yourself in for example Java?

If you use the citrix access gateway then yeah, you can do this. The NAM
access gateway will proxy the traffic for the presentation server (or
whatever that is called these days) and you can use a formfill policy to
get SSO between NAM and citrix. Once the user clicks on an application
so it downloads the ICA file all traffic will go through the citrix
access gateway and it no longer interacts with NAM really.

jacmarpet;262045 Wrote:
> 2. Is it possible for NAM to authenticate towards an SQL table? For
> example the NAM is provided with an attribute from an external source,
> with an attribute, and AM then uses that attribute to look up a user in
> an SQL database? Do you need to code this yourself in for example Java?

As per Alex's response. In NAM 4.2 you can do this out of the box.

jacmarpet;262045 Wrote:
> 3. Does AM support OAuth2? I know it supports OAuth.


jacmarpet;262045 Wrote:
> 4. Is it possible for NAM to use kerberos tickets from multiple ADs? The
> case is that 3 customers, with their own ADs, need SSO to services
> through Kerberos. So in essence it is 3 ADs with kerberos, working
> within the same NAM solution. Is this possible?

You can but its more luck that it works than actual wisdom. If you
create a service account in each of the 3 domains with the exact same
password and set the SPN on it it'll work. NAM only has to have a keytab
with one SPN in it so just nominate one of the domains NAM will talk to.
If you don't use the same passwords it will not work.


edmaa's Profile: https://forums.netiq.com/member.php?userid=1118
View this thread: https://forums.netiq.com/showthread.php?t=54568