Citrix Netscaler, Configuration with inWebo RADIUS or RADIUS "push"

Netscaler Gateway RADIUS Configuration

1. In the configuration utility, on the Configuration tab, expand NetScaler Gateway > Policies > Authentication.

2. Click RADIUS, and then in the details pane, on the Policies tab, click Add .

3. In the Create Authentication Policy dialog box, in Name, type a name for the policy.

4. In Name, type a name for the policy.

5. Next to Server, click New.

6. In the Create Authentication Policy dialog box, in Name, type a name for the server.

7. Under Server, in IP Address, type the IP address of the RADIUS server. 

8. In Port, type the port. The default is 1812. and 15 seconds for Time-out
If you are using a standard radius mode (without push), with a server pair: the OTP is sent in the request, so we recommend configuring a "Server timeout period" of 5 seconds to enable validation of the authentication request by the Secondary server before the OTP expires. 60s in "Push" mode)
You can find more details on redundancy here : /wiki/spaces/SBOX/pages/18841625

9. For your Secret Key, type the RADIUS server secret and repeat this under Confirm Secret Key,

10. Click on "More" to expand radius configuration parameters and configure the Password encoding to PAP (Password Authentication Protocol). Then click on Create.

11. In the Create Authentication RADIUS Policy dialog box, next to Named Expressions, select the expression, click Add Expression. You can use one of the following or create a custom one :  

a. For a RADIUS policy for non-mobile devices. To bind this policy to only non-mobile devices, use the following expression:

b. Put ns_true as the expression as this policy is to be used for all authentication.

12. Click Create and then click Close

inWebo Radius connector configuration

You can create your own InWebo account at InWebo Signup page. This will give you access to the InWebo Administration Console.

- Once connected, go to Secure Sites tab > CONNECTORS section.

- Select “Add a connector of type…”, and choose “Radius” or “Radius Push” :

- The popup below will appear. Enter the public IP addresses of your Netscaler Gateway, along with the Radius secret you defined earlier:

- Click “Add”.

NetScaler Gateway Virtual Servers configuration

In your Netscaler Gateway appliance, select "Virtual Servers"

Create or Edit the virtual server you want to configure with inWebo.
Edit the "Basic Authentication" section with the "+"

Select an Authentication policy (in Primary or secondary):

Select and bind the newly created inWeb_RADIUS policy:

Click and "Bind" then OK to validate the change on this virtual server.

Testing your Netscaler Gateway access with inWebo RADIUS

Connect to your Virtual server IP access:

Indicate your login (username) and a correct OTP in RADIUS standard mode or a random character in RADIUS "push" mode

in RADIUS "push" mode you'll receive a notification on your mobile device:

If you acknowledge the connection your access with the netscaler will be granted.