![]() ![]() When you have enabled Domain pass-through and User name and Password authentication on Receiver for Web, the first time a user logs on they get this prompt to either log on using the account used to sign on to the computer or to switch to the username and password logon screen. Now that we have discussed the prompt and the advantages/disadvantages with enabling/disabling this feature, here below is a picture of what the prompt actually is and looks like. Using the above created policy, edit the setting Computer Configuration -> Policies -> Administrative Templates -> Citrix -> Components -> Citrix Receiver -> Local User Name and Password enabling Enable pass-through authentication.Create a GPO linked to all machines participating in Citrix Receiver client SSO or use an existing one.Download and copy receiver.admx and receiver.adml template files to the PolicyDefinitions folder on a Domain Controller.The following command at minimum is required to install Receiver client: CitrixReceiver.exe /includeSSON (tested on Receiver 4.3) A command line install if preferred because you can automate Citrix Store configuration. The SSO component is required so a simple GUI or command line interface command can be used to install the client. Citrix Receiver client must be installed on the end-device.Installing and configuring SSO (Receiver client) This means you can configure seperate devices/users to point to specific Receiver for Web websites based on authentication needs. It is also possible to create a seperate Receiver for Web website for SSO users only, or create sites for non-SSO participants. Keeping the above restrictions in mind, a decision must be made to bring true SSO experience at the expense of reduced authentication ability, or accept that a prompt will be given to users on first log on to Receiver for Web in favour of keeping maximum authentication abilities. Usrs can not log on using a set of credentials different than those they used to log on to their domain joined client device.Non domain machines cannot authenticate to this Receiver for Web website.Using the above created policy, edit the setting Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel to include the Receiver for Web website address in the Local Intranet zoneĭecision: To get rid of the first-time logon prompt which will be shown later in this post, you need to disable User Name and Password authentication.Create a GPO linked to all machnes participating in Citrix Receiver for Web SSO or use an existing policy.Set Internet Explorers homepage to the Receiver for Web website address.This should be done on the base/gold image Launch Internet Explorer on logon by placing a shortcut in the Startup folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup.Using StoreFront MMC, disable User Name and Password authentication against Receiver for Web.Using StoreFront MMC, enable Domain pass-through on Receiver for Web.The SSO component is not required so a simple GUI or command line interface command can be used to install the client. Citrix Receiver client must be installed on the end device.Installing and configuring SSO (Receiver for Web): Group Policies do need created for Receiver client SSO.The User Name and Password Receiver for Web authentication method should be disabled to avoid extra prompts which will later be explained.Group Policies do not need created for Receiver for Web SSO.Internet Explorer must be used when accessing Receiver for Web.Always use Receiver for HTML5 must not be selected in StoreFront.Now below are the remaining unique prerequisites/differences for each method. Requests sent to the XML service port on your DDCs must be trusted.Domain pass-through must be enabled on Receiver for Web via StoreFront console.If using the Trusted Sites zone instead, Automatic logon with current username and password must be set in Trusted Sites zone (I will talk no further about using the Trusted Sites zone).Receiver for Web website must be in the Local Intranet Zone.Citrx Receiver must be installed on the client device with the SSON component installed.Below are the prerequisites that are required for either method, meaning it doesn’t matter which method you choose the same prerequisites exist: There are to ways you can use SSO in a Citrix 7.5+ environment using built-in Citrix technologies:ĭepending on which method you choose the prerequisites differ, however not by much. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |