Requires Set-BrokerSite -TrustRequestsSentToTheXmlServicePort $true to be set on the DDC/XML broker).Pass-through from NetScaler Gateway: Allows a NetScaler Gateway virtual server to handle user authentication on behalf of the user.Just know that it’s required if smart-cards are used in the environment Thankfully I don’t work with this method very often, so I’ll refrain from digging in.Smart Card: Allows smart card pass-through.As of this post, pass-through authentication doesn’t work on XenDesktop 7 published desktops running Receiver 3/4 without this fix in place. Citrix has provided a provisional test-fix to customers with an open case, and will soon be releasing a public hotfix.There is currently a bug with XenDesktop 7 published desktops using pass-through authentication to provide ‘FlexCast’ functionality (enumerate and launch published apps from the published desktop) where ssonsvr.exe wouldn’t run (crashed at login) because pnsson.dll wasn’t playing nice with the ICA stack at session logon.Receiver relies on the SSON component to send the user’s domain credentials to the StoreFront server’s StoreWeb (via browser), Store (via Receiver), or legacy PNAgent (via Online Plugin / Receiver Enterprise) virtual directory. For pass-through authentication to work, you must use the /includesson switch when installing Receiver (per CTX133982), which tells the meta-installer to include the ‘SSON’ component (ssonsvr.exe) that is needed to capture the user’s domain credentials at logon.In this scenario, the client sends credentials (via ssonsvr.exe) directly to the target ICA server.Allows Receiver for Windows endpoints automatically log on using the local session’s logged on user domain account (via NTLM).Domain Pass-through: Similar to Integrated Authentication in IIS, and.In this scenario, the broker passes the user’s credentials to the target ICA server on behalf of the client.User name and password: Similar to windows basic auth in IIS, or explicit authentication in Citrix Web Interface Server.Prompts the user to enter their credentials at logon.There are four authentication methods available as of StoreFront 2.0:.Here you can specify which authentication methods to allow on Stores hosted by that server: To configure a StoreFront server’s authentication methods, use the Citrix Studio MMC to open the Authentication TreeNode of the Citrix StoreFront deployment. NET services ( & ) handle authentication: IIS allows anonymous authentication since the StoreFront. The Receiver is connecting to a StoreFront Store, StoreWeb, StoreDesktopAppliance, or PNAgent IIS virtual directory.Authenticates to a StoreFront virtual directory via Citrix Receiver:.In this step, a user connects to the StoreFront server and: The first step to launching a XenDesktop session is to authenticate to the StoreFront Store that the XenDesktop resource is connected to. So just Receiver StoreFront XenDesktop. To keep it simple, I’m only going to talk about StoreFront (no WI) and XenDesktop (no XenApp/IMA). In this post I’d like to briefly explain how the Citrix Receiver authenticates to a XenDesktop 7 application or desktop. There are several key components involved in the session launch process including authentication, enumeration, registration, ticketing, and display/session handling. The process of enumerating, brokering, and connecting to a XenDesktop resource involves quite a few moving parts, and can be a daunting task to troubleshoot for someone who isn’t familiar with the product.
0 Comments
Leave a Reply. |