Recently a customer of mine had a task for me to solve. "Can we authenticate against Netscaler Gateway with just username and a security token from a nondomain joined client and get access to a full Citrix ICA session?" The customer wants the employees to work password free and the reason they use SmartCards in-house with all domain-joined clients. The company clients have no problem connecting externally to the corporate network but what about the private clients? For that reason, only users get a security token and that's it. In the past, users had to use at least one time a password against Webinterface and save it.
Here comes Citrix Federated Authentication Service to rescue!