Error: 403 forbidden | Post authentication when accessing through NetScaler Gateway


Article ID: CTX208697


Description

A 403 Forbidden error appears after authentication when accessing apps through NetScaler Gateway.

Resolution

Install the correct certificates and certificate links on StoreFront and NetScaler so that a trust relationship exists between them.

Troubleshooting:
Open a browser on the StoreFront server and point it to https://www.gatewayfqdn.com/CitrixAuthService/AuthService.asmx. Check the page for any certificate issues or errors, and correct any that appear. Make sure gatewayfqdn actually resolves to a NetScaler Gateway VIP. Make sure the certificate on StoreFront matches the name with which the Gateway FQDN is accessed. If there are intermediate certificates, make sure the root and intermediate certificates are installed on the StoreFront server.
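The same checks can be scripted from the StoreFront server. The following PowerShell is an added example, not part of the Citrix article; it assumes the gateway listens on port 443 and accepts TLS 1.2, and www.gatewayfqdn.com is the article's placeholder name.

```powershell
# Added example: run on the StoreFront server. Replace the placeholder FQDN.
$GatewayFqdn = 'www.gatewayfqdn.com'

# 1. Confirm the name resolves; compare the output with the NetScaler Gateway VIP.
$addresses = [System.Net.Dns]::GetHostAddresses($GatewayFqdn)
Write-Output "Resolves to: $($addresses.IPAddressToString -join ', ')"

# 2. Complete a TLS handshake and record how this server's trust store judges
#    the presented certificate. The callback returns $true only so that the
#    handshake finishes and every problem can be reported; it is not a fix.
$script:check = @{}
$callback = [System.Net.Security.RemoteCertificateValidationCallback] {
    param($sender, $certificate, $chain, $policyErrors)
    $script:check.PolicyErrors = $policyErrors
    $script:check.Chain = foreach ($element in $chain.ChainElements) {
        [pscustomobject]@{
            Subject  = $element.Certificate.Subject
            Issuer   = $element.Certificate.Issuer
            NotAfter = $element.Certificate.NotAfter
            Status   = ($element.ChainElementStatus.Status -join ', ')
        }
    }
    $true
}

$tcp = New-Object System.Net.Sockets.TcpClient($GatewayFqdn, 443)
try {
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    # Assumption: TLS 1.2 is enabled on the gateway virtual server.
    $ssl.AuthenticateAsClient($GatewayFqdn, $null, [System.Security.Authentication.SslProtocols]::Tls12, $false)
}
finally {
    $tcp.Dispose()
}

# 3. Report the chain as seen from this server and name each failure.
$script:check.Chain | Format-Table -AutoSize
$errors = $script:check.PolicyErrors
if ($errors.HasFlag([System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch)) {
    Write-Warning "Certificate name does not match $GatewayFqdn."
}
if ($errors.HasFlag([System.Net.Security.SslPolicyErrors]::RemoteCertificateChainErrors)) {
    Write-Warning 'Chain does not validate here: check the root and intermediate certificates on this server.'
}
if ($errors -eq [System.Net.Security.SslPolicyErrors]::None) {
    Write-Output 'Certificate is trusted by this server and matches the gateway FQDN.'
}
```

A non-empty Status column identifies which certificate in the chain this server rejects.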

Refer to the links provided below if this is a single FQDN setup involving both NetScaler Gateway and StoreFront.

Problem Cause

Certificate trust issue. StoreFront server does not trust the certificate of the NetScaler. 

Additional Information

https://www.digicert.com/help - use this to check that the certificate and its link chain are proper.

Create a single FQDN to access a store internally and externally:

http://docs.citrix.com/en-us/storefront/2-6/dws-manage/dws-configure-single-fqdn.html