So a short blogpost on a issue I faced this week.
Working at a customer this week we were working on setting up Citrix with SAML based authentication from MyApps Portal using Azure Active Directory. In order to setup this properly we needed to implement Citrix FAS in order to do SSO directly from a Azure AD Joined Windows 10 device. One of the issues we were facing was when a user clicked on Citrix app from myapps portal and opening multiple tabs or closing the existing tab where Citrix application was opened. The end user received a standard 404 error from Citrix Storefront
The reason for this was because of the Gateway session cookie was inserted when the user was trying to access Gateway from Azure MyApps. The request from Azure AD was redirecting to /cgi/samlauth and forwarded to the IIS server since Session cookie matched with an existing connection the connection failed. So my initial idea was to use Responder or rewrite policies but after some thinking I noticied that they were ignored due to AAA processing in the NetScaler packet flow take precedence of those feature.
The end solution was quite simple. We created a virtual directory on Storefront IIS.
and created a redirect on that virtual directory back to the netscaler gateway setup.
After I did this, the end user could open up the application as normal.