A while back, I wrote a post on integrating NetScaler nFactor with Duo for 2 factor authentication. The implementation in that post included some workarounds for two limitations between nFactor and Duo. These workarounds were great, but they made the configuration more complicated. They also had some limitations. The good news is that we don’t need them anymore.
UPDATE: Citrix and Duo have made some changes that simplify this configuration. I discuss a new variation of this configuration in this post. Duo has become prevalent enough that I check it’s compatibility any time I’m looking at a new remote access system. Duo actually publishes a solid how-to on integrating with NetScaler, specifically Gateway. Unfortunately, this method relies on the old NetScaler Basic Authentication Policy framework and uses some secret sauce internal to both NetScaler…