Citrix XenMobile MDM – SAML authentication limitations

Hi,

For everyone trying to integrate Citrix XenMobile MDM with ADFS/SAML:

Some limitations:

– When using SAML for authentication, ‘two-factor’ authentication for enrollment is no longer possible.

– When using SAML, SAML is only used for device enrollment, one time (there is no re-authentication after a set period).

  • Continuing authentication is based on certificates and SCEP.
  • Updates to the AD-based user or group account will not propagate. For that to happen, the user has to authenticate again to SAML/ADFS.
  • This will not happen, since the device is already registered (enrollment is a one-time process).

– It is not possible to log in to the Admin Console with a SAML-generated user account.
So: administrators should be basic (local) accounts in the tooling’s own database.

– It is not possible to use the Self Help Portal.
An end user cannot log in to the Self Help Portal when his/her account was generated by means of SAML.

– The claim rules for MDM are a b*tch; they’re not well documented.

Using LDAP is the recommended approach if any of the above is mandatory.

TIP: You can use a ‘Send Group Membership as a Claim’ rule to populate groups in the MDM database.

Greetings,

Ronny.

The Citrix Receiver Feature Matrix – What’s supported on what platform

Hi,

Doing some research today.
Was wondering if there is finally an update on this: http://ronnyholtmaat.nl/citrix-receiver-on-android-cannot-verify-this-servers-certificate/

That was quite a while ago, so I stumbled on this page:

http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/citrix-receiver-feature-matrix.pdf

A very nice overview.

Still no SAN support in Citrix Receiver for Android. 🙁
NOTE: You could use wildcard certificates… 🙂

/// Some organisations don’t allow wildcard certs… that’s the situation in my case…
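As an added example (not from the original post or from Citrix), the PowerShell below shows why a client without subjectAltName support behaves differently from one with it, and where the wildcard workaround stops working. The certificates are constructed sample data, not real ones, and the assumption that Receiver for Android behaves like the CN-only case follows from the feature matrix linked above.

```powershell
# Added example, not from the original post: compare a CN-only name check (a client
# that ignores subjectAltName) with a SAN-aware one. Certificates below are
# constructed sample data, represented as hashtables with a CN and a list of
# dNSName SAN entries.

function Test-DnsNameMatch {
    # RFC 6125 style match: exact, or a wildcard in the leftmost label only.
    # The wildcard covers exactly one label, so '*.example.com' matches
    # 'gw.example.com' but not 'example.com' or 'a.b.example.com'.
    param([string]$Pattern, [string]$Hostname)
    $p = $Pattern.ToLowerInvariant()
    $h = $Hostname.ToLowerInvariant()
    if ($p -eq $h) { return $true }
    if (-not $p.StartsWith('*.')) { return $false }
    $suffix = $p.Substring(1)            # '.example.com'
    $dot = $h.IndexOf('.')
    if ($dot -lt 1) { return $false }    # no label to the left of the suffix
    return $h.Substring($dot) -eq $suffix
}

function Test-CertificateHostname {
    # Returns which kind of client accepts $Cert for $Hostname.
    param([hashtable]$Cert, [string]$Hostname)
    # CN-only client: compares the hostname with the subject CN and nothing else.
    $cnOnly = Test-DnsNameMatch -Pattern $Cert.CN -Hostname $Hostname
    # SAN-aware client: uses the SAN list when present, falls back to CN only
    # when the certificate has no dNSName entries at all.
    if ($Cert.SAN.Count -gt 0) {
        $sanAware = [bool]($Cert.SAN | Where-Object { Test-DnsNameMatch -Pattern $_ -Hostname $Hostname })
    } else {
        $sanAware = $cnOnly
    }
    [pscustomobject]@{
        Hostname       = $Hostname
        CN             = $Cert.CN
        CnOnlyClient   = $cnOnly
        SanAwareClient = $sanAware
    }
}

# Constructed sample certificates (assumed names, not real hosts).
# A multi-SAN cert: the CN is one of the names, the other names live only in the SAN.
$multiSan = @{ CN = 'storefront.example.com'; SAN = @('storefront.example.com', 'gateway.example.com') }
# The wildcard workaround from the post.
$wildcard = @{ CN = '*.example.com'; SAN = @('*.example.com', 'example.com') }

foreach ($name in 'storefront.example.com', 'gateway.example.com', 'deep.sub.example.com') {
    Test-CertificateHostname -Cert $multiSan -Hostname $name
    Test-CertificateHostname -Cert $wildcard -Hostname $name
}
```

The run shows the two failure modes a CN-only client has: with the multi-SAN certificate, `gateway.example.com` is accepted by the SAN-aware check but rejected by the CN-only one, and with the wildcard certificate, `deep.sub.example.com` is rejected by both because a wildcard covers a single label. So the wildcard workaround only holds when every Receiver-facing hostname sits directly under the wildcard’s domain, and the name the Android client connects to has to be the one in the CN.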

Greetings,

Ronny.