Configure Citrix Receiver 4.1 for pass-through authentication to StoreFront 2.5

In this blog I am going to

  • Configure pass-through authentication to Citrix StoreFront 2.5 using Citrix Receiver 4.1.
  • Use Keywords to mark applications and desktop as favorite within Citrix Receiver

Here are the version numbers of the software components that I use:

– StoreFront: 2.5.0.29

– Citrix Receiver: 14.1.0.0

 

Step 1 – Enable Domain Pass-through Authentication on the StoreFront server

 

This step enables pass-through authentication on the StoreFront server so this authentication method is allowed.

 

Open the StoreFront console

Click on Authentication and click on Add/Remove Methods

clip_image001
Select Domain pass-through clip_image002
Click on Receiver for Web and click on Choose authentication methods clip_image003
Select Domain pass-through

 

Click Ok

clip_image004

Step 2 – Installing the Citrix Receiver on the client

 

Citrix Receiver for Windows 4.1 can be downloaded here

 

Here is the command line I use to install Citrix Receiver CitrixReceiver.exe /silent /includeSSON ENABLE_SSON=”Yes” UseCategoryAsStartMenuPath=”True” StartMenuDir=”\Citrix Applications and Desktops” STORE0=”StoreFront;https://citrix.domain.com/Citrix/StoreWeb/discovery;On;StoreFront”

 

PastBin here

This command line enables Single Sign On for pass-through authentication, creates a top folder in the start menu and uses the application Categories to create subfolders under the top folder in the start menu. So:

  • The StartMenuDir is the is the name of the top folder in the start menu that will be created and where the shortcuts will be placed.
  • The Category is the folder specified in Citrix AppCenter under “Client application folder”. This folder will be created under the StartMenuDir in the start menu of the client and the shortcut will be placed in this folder.

image

 

The client’s start menu will look like this when every step in this blog is completed. Sneak preview:

clip_image010

 

Here is the location in the start menu where the values of the parameters StartMenuDir and UseCategoryAsStartMenuPath are placed.:

 

clip_image008

If necessary, these values can also be modified later .

 

After the Citrix Receiver 4.1 installation, the client must be rebooted because after a reboot the process ssonsrv.exe (single sign on service) is started.

Ssonsrv.exe must be started for pass-through to work so after the reboot, verify if the process is started.

clip_image011

 

Step 3 – Configure pass-through on the client

 

There are a few Group Policy settings to configure to allow the client to send credentials to the StoreFront server and use pass-through authentication. Here is how to set it up:

 

Open GPedit.msc and import the Citrix ADM file (icaclient.adm) from C:\Program Files (x86)\Citrix\ICA Client\Configuration
Change the following settings: clip_image012

clip_image013

clip_image014

Reboot the client

 

Step 4 – Add the StoreFront site to Internet Explorer’s Local Intranet zone

 

The StoreFront server must be added to the Local Intranet zone within Internet Explorer because this zone allows Automatic logon by default. This is necessary so the Citrix Receiver 4.1 can send the credentials for pass-through authentication to the StoreFront IIS site.

 

clip_image016

 

Open Internet Explorer’s Internet Options
Click on Security
Click on Local Intranet
Click on Sites
Click on Advanced
Add the Citrix StoreFront server to the list

To verify if the StoreFront site is in the Local Intranet zone, open the StoreFront site and right click on a spot on the site. Click on Properties and verify that after Zone: Local Intranet : Protected Mode: Off is displayed:

image

 

Step 4 – Log on automatically to Citrix Receiver

 

When a user logs on to Windows, Citrix Receiver 4.1 is started in the background and the Receiver icon is displayed next to the clock. When the Receiver is started it doesn’t logon to StoreFront automatically and so the start menu will not be filled with shortcuts of published Citrix applications and desktops.

Executing the following command (for example at logon) let’s the Citrix Receiver 4.1 silently log on to the StoreFront server: “C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe” –logon

image

Here you can find are all the command line parameters for SelfService.exe

Step 5 – Adding start menu shortcuts

 

Only Favorite apps on the “desktop” of the Citrix Receiver will be placed in the start menu.

In the default configuration, the “desktop” is empty so no shortcuts will be placed in the start menu:

image

It is possible for Citrix administrators to mark applications as Favorite so they will be added automatically to the Citrix Receiver “desktop”. Because the applications are on the “desktop”, they will also be placed in the start menu.

To mark an application as favorite so they will be placed on the “desktop”, keywords must be added. This can be done in Citrix AppCenter:

 

Open Citrix AppCenter
Open the Properties of the applications that must be mandatory
In the Application Description add the text:

 

KEYWORDS:Mandatory

Or

KEYWORDS:Auto

 

When using Auto, the end user can remove the favorite application from the Receiver “Desktop”and it won’t return.

 

When using Mandatory the end user can remove the favorite application from the Receiver “Desktop” but the application or desktop will return in the favorite list and in the start menu.

clip_image019

clip_image020

clip_image021

Step 6 – Test

 

Now that every prerequisite is in place, we can test pass-through authentication and creation of shortcuts in the start menu.

When the Receiver is started, click on Logon or use Step 4 to automatically log on.
Receiver must not ask for a user name and password, it must log on without requesting credentials.

After logging on in Citrix Receiver, favorite applications are visible on the Receiver’s “desktop” and the start menu is filled with these favorite applications:

 

clip_image009

 

 

 

Notes/Findings

 

  • When the top folder, in my case “Citrix Applications and Desktops”, is deleted, it will not be re-created at next logon or reboot. To re-add the top folder, the end user has to mark the application again as Favorite (place it in the Receiver’s “Desktop”) within Citrix Receiver 4.1.
  • When the top folder, in my case “Citrix Applications and Desktops”, is deleted and a user adds a new application as favorite, the folder is recreated with only the new shortcut.
  • Keywords also work with the Citrix Web Interface if the Citrix Web Interface XML server is added to the Delivery Controllers list in StoreFront

Feature compare with PNagent

  • The PNagent (3.x) places a shortcut for every accessible application and desktop in the start menu by default. To use the same functionality in Receiver 4 application keywords (auto or mandatory) need to be used and added to every application and desktop.
  • Receiver with PNagent (3.x) logs on automatically, this has to be done manually in Receiver 4. Or the command line described in step 4 needs to be used.

Things to test

  • Desktop shortcuts
Advertisements
This entry was posted in Citrix XenApp, Citrix XenDesktop and tagged . Bookmark the permalink.

One Response to Configure Citrix Receiver 4.1 for pass-through authentication to StoreFront 2.5

  1. Dave Boyd says:

    Ralph, found this page while searching for Single Sign on solutions. I’ve installed/uninstalled the receiver (both 3.4 and 4.2) multiple times using the /includeSSON switch. Verified policy settings, intranet zone, registry entry, etc. My problem is the SSONSRV.exe never installs as a service. Doesn’t appear in listed services on the client machine. Any suggestions?

    Thanks!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s