Citrix ADC – SSL VPN is breaking SSO to OAuth-based WebApps

Reading Time: < 1 minute

Guest Blog from Julian Jakob (@jakob_davidson)


Quick post about an OAuth-Issue with Citrix ADC’s SSL VPN. There is a missing hint in CTX225084 as this article is only refering to SharePoint deployments. OAuth can make use of the bearer authorization token. If users are trying to access WebApps via Citrix Gateway Plugin (SSL VPN), the ADC is removing the OAuth authorization header and this can cause SSO failing and access to specific resources of your WebApps stop working.


Create below traffic policy and bind it to the Citrix Gateway virtual server with a lower priority than possible other bound policies.

I hope this is helping others, struggling with customer-built OAuth WebApps with Citrix ADC’s SSL VPN.

Leave a Reply

Your email address will not be published. Required fields are marked *