advanced Storefront Monitor (end-to-end test)

Hi Stephan,

Did you use iApp for Citrix XenApp ? In the iApp, there is an advanced monitor for the WebI (should work with the SF).

In this monitor, you specify, FQDN, user, password, apps retrieve.

The iApp does use credentials in the monitor specifically created for the xml broker/DDC server pool; however, the monitor created for the storefront or Web interface servers does not. The monitor for web servers (sf/wi servers) only verifies initial landing page is being returned. While this configuration separately checks each essential service, it does not verify communication from the storefront server to the DDC/XML broker is healthy.

Creating a monitor that verifies storefront Web services along with ddc/xml broker authentication and enumeration services are healthy from a storefront server perspective is going to be a challenge. During initial connection, the storefront server issues cookies and CSRF tokens to identify clients and validate subsequent posts. In order to send an accepted authentication post to the sf servers, the CSRF token and cookie issued by the sf server will need to be captured and included in the post.

Hi Matthieu, Greg,

thank you for your quick response. No I didn't used the iApp, but the deployment guide. We also use the mentioned advanced monitor against the XML-Broker pool which is working fine, but we are looking to have such kind of test from a SF perspective.

During initial connection, the storefront server issues cookies and CSRF tokens to identify clients and validate subsequent posts. In order to send an accepted authentication post to the sf servers, the CSRF token and cookie issued by the sf server will need to be captured and included in the post.

This I also had already in mind, means creating an external monitor, which makes an initial request towards the login page and capture the required token/session cookies/headers. Then make a second request with these variables and include the credentials as well.

I was just asking if there is maybe a more easier way available, but seems not. But do you know, which cookies/headers are mandatory for the SF to simulate a successful login?

Thank you!

Ciao Stefan :)

Hi again,

please find below an extract from my external monitor script (sorry if the syntax is not optimal, I'm not a bash expert):

 Make a request to the Logon Page to get the ASP-SessionID and Csrf-Token Cookie set
curl -kfNsg -c /config/monitors/sf-test_cookies.txt -X POST https://[${ip}]/Citrix/storeWeb/Home/Configuration -H "Host: 10.76.208.21" -H "X-Citrix-IsUsingHTTPS: Yes" -H "X-Requested-With: XMLHttpRequest" -H "Cookie: CtxsDeviceId=WR_GLofrvuW4jFhqo7B4" -H "Content-Length: 0" 2>&1 > /dev/null
 Extract the two IDs from the Cookie file
asp_sessionid_line=$(sed -n '5{p;q;}' /config/monitors/sf-test_cookies.txt)
csrf_token_line=$(sed -n '6{p;q;}' /config/monitors/sf-test_cookies.txt)
asp_sessionid=$(echo "${asp_sessionid_line: -24}")
csrf_token=$(echo "${csrf_token_line: -32}")
 Make the Logon request with the correct IDs
curl -kfNsg -X POST https://[${ip}]/Citrix/storeWeb/ExplicitAuth/LoginAttempt -H "Host: 10.76.208.21" -H "X-Citrix-IsUsingHTTPS: Yes" -H "X-Requested-With: XMLHttpRequest" -H "Csrf-Token: ${csrf_token}" -H "Cookie: CtxsDeviceId=WR_GLofrvuW4jFhqo7B4; CsrfToken=${csrf_token}; CtxsPluginAssistantState=Done; ASP.NET_SessionId=${asp_sessionid}" -H "Content-Length: 88" --data "username=domain\username&password=password&loginBtn=Log+On&StateContext="

But I'm getting this response:

  fail
  sessiontimeout

Any idea what's still missing or what I'm doing wrong?

Thank you!

Ciao Stefan 🙂

Hi Stefan, I just posted an external monitor for sf here. Note it does not handle app retrieval since published apps are returned as images rather then XML for the storefront servers response. So a healthy response will verify all authentication services are functioning but does not test published application availability.

Hi Greg,

well done, thumbs up!!! This monitor is now working for me, I only had to adjust one small thing.

As we are working with route domains, I was adjusting

$http://$node_ip

to

$http://[${node_ip}]

to get this monitor working.

But if I have it correctly in mind from my previous testing there is an URI available, which returns a XML-response including the assigned apps for that user. Isn't that not possible with this script? But as of now this script is much much better than the basic monitor from the deployment guide.

Thank you!

Ciao Stefan :)

Hi all,

is someone using this advanced monitor with Storefront version 2.6 and if yes, are there any modifications required?

Thank you!

Ciao Stefan :)