Citrix Storefront 2.5 and Single Sign on:

andyjmorgan — Wed, 26 Mar 2014 07:59:53 +0000

With the release of XenDesktop / XenApp 7.5, Citrix Storefront has brought back a very sought after feature, Single sign on for local credentials to the storefront site!

Citrix Storefront SSO can be the default configuration or a choice can be given to the user if you select more than one authentication type as below:

Desktop appliance site: (Slight deviation, bear with me).

An interesting addition to storefront in 2.5 is a desktop appliance site is installed by default. Richard covers what a desktop appliance site really well in this article for the current release of storefont here. It’s worth noting the desktop appliance site is running the older storefront code base and does not currently support single sign on, strangely.

Back on topic!

Below is a quick guide on how to get it working and any interesting features along the way, I’ve broken this piece down into three parts:

XenDesktop Delivery controller configuration:

on each delivery controller accessible by the storefront site, run the following two commands:

Client Configuration:

(Shawn Bass did alot of the hardwork here for me, so a thank you for that!)

when installing the client, you can enable the single sign on features with the following command line:

[code language=”bash”]
CitrixReceiver.exe /includeSSON /ENABLE_SSON=Yes /silent STORE0=”Store;https://yourservername.yourdomain.com/Citrix/Store/discovery;on;Store”
[/code]

Once this is complete, add the storefront url to the trusted sites for the user, then add the following setting to the trusted sites zone:

Once complete, open group policy on the local machine (or active directory group policy) and import the icaclient.adm file, the typical path is below for convenience:

x86:

C:Program FilesCitrixICA ClientConfigurationicaclient.adm

x64:

C:Program Files (x86)CitrixICA ClientConfigurationicaclient.adm

Once you have imported this adm file, configure the following values in the LOCAL MACHINE configuration*

*the policies dont work in user mode, oddly.

Configure the authentication policy:

Configure the web interface authentication ticket settings also:

Now reboot the machine and log in, ensuring SSONSVR.exe is running in task manager.

Storefront Configuration:

I’m going to go ahead and assume you’ve already installed storefront, so lets start from there.

Make your way down to the ‘Authentication’ tab choose add/remove methods and select domain pass-through as an authentication type:

Note the warning, the receiver for web will also need some configuration, so that’s our next step:

Make your way down to your ‘receiver for web’ tab and select ‘Choose Authentication Methods':

As you can see above, domain pass-through is now an option, with a nice little warning:

Note: if you don’t want SSO to be optional, don’t publish additional authentication types on this storeweb.

Testing:

The quickest way to test is to go right ahead now and use the storefront in anger, but if you’re the cautious type Storefront 2.5 includes a subdirectory called DomainPassthroughAuth/test.aspx. if you browse to this site from a configured machine, you should see the following screen.

if you are prompted as below, or see any of the following errors, go back a few steps and check what you missed:

and the following error’s mean you’ve gotten the configuration wrong on the client side:

and that’s it, happy sso’ing!

XenDesktop Iconizer, a new tool for XenDesktop icons.

andyjmorgan — Thu, 26 Sep 2013 21:40:28 +0000

Recently I read a post from XD Tipster on how to convert Png files into icons and use them for XenDesktop and Storefront… A very interesting piece, but a bit convoluted and long winded for my liking. I didn’t like the idea of the two website hops to get this information into XenDesktop format… So I decided to write two utilities:

Iconizer:

Iconizer Converts png files (with transparency supported) to an Ico file format , then in turn converts it To a Base 64 String.

You can send the data to the clipboard or import directly into XenDesktop if you have the powershell tools available.

It’s very simple, I wont bore you with the details, just convert and import. then map with powershell:

Reverse Iconizer:

I’m sure you can guess, takes the massive string of information stored in base64 and gives you a visual representation.

An example command line of how to do this is below:

Hey wait?

Why didn’t you integrate both of these?

Well it seems .net and Powershell have a limit on the data (string length) it can pull out of the pipeline. The default Citrix icon is close to 20,000 characters and results in you being unable to pull this data from powershell directly to .net. WIth great help from http://www.jonathanmedd.net/ we found that, yep the console does seem to have a roughly 8k char limit… Sure I could parse it to a file or the clipboard, but that was messy and frankly, I really couldn’t be arsed.

If you are up to the challenge I’ve got the source code for forward and reverse of the icon data below. I’ve also got a half assed attempt at creating a list… So fill your boots and take up the challenge if you wish.

Download:

As with most of my utilities the download links and source code are below, and a few icons to get you going:

Download utilities.

Download Source Code.