Mark, you have access to the same documents that Carl does, but mere mortals like you and I typically can't memorize all of them in their entirety.
When I create the site I check use pass-through
From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Carl Stalhood
Sent: Friday, May 22, 2009 7:23 AM
To: thin@freelists.org
Subject: [THIN] Re: web interface 5.0 with 4.5 presentation servers
Web Interface supports two different types of sites: XenApp Web and XenApp Services. XenApp Web is the one that creates the webpage. XenApp Services is used by the client formerly known as PNAgent.
PNAgent is the preferred method for pass-through authentication. The XenApp login box you are seeing is from the PNAgent client. I suspect you did not enable pass-through on the XenApp services site.
There are two different 11.0 client installers. One is the web client and does not support pass-through. The other is the plug-in which actually contains three clients. When installing the plug-in, you are not required to install all three clients. If the users will only access their apps through a Web Interface webpage, install the plug-in but only install the web client that is contained in the plug-in.
If you must enable pass-through in the Web Interface website, the 11.0 client requires a group policy to enable pass-through. Install the XenApp plugin (web client only if you prefer) and enable pass-through during the install. Then simply add icaclient.adm to a group policy in the domain and turn on pass-through.
There should be no need to modify appsrv.ini.
The reasoning behind the extra effort to enable pass-through for a Web Interface website is to give users control over enabling pass-through for non-trusted Web Interface websites. If you go to a malicious Web Interface website, you probably don't want to allow it to upload your credentials without your permission.
Program Neighborhood is not needed. It has already been removed from the Citrix Receiver and it probably won't be included in future client versions.
On Fri, May 22, 2009 at 1:07 AM, Heflin, Janet <Janet.Heflin@tdwilliamson.com> wrote:
Here is the problem how to get the web interface to have pass-through authentication working.
Below is what we had to do to actually get pass-through authentication working with the web interface and I hope this is not Citrix's solution.
We have 2 4.5 presentation servers and 1 5.0 web interface server and 11.0 plug-in. To actually get this plug-in to work
- Install the Program Neighborhood
- Add in the APPSRV.INI the following
[WFClient]
EnableSSOnThruICAFile=On
SSOnUserSetting=On
Enable_SSOn=yes
- add the icaclient.adm to the local policy on my laptop
- go into the advance setting in network properties and in the provider orders make Citrix Single-Sign-on first.
Now I am stuck with the XenApp sign box when I log in to my laptop (I can hit cancel and continue).
There has to be a better way to get the web-interface to work using pass-through without having to do all of the above.
Anyone out there have a better solution? I really hope this is not Citrix solution
Janet
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Janet Heflin
Information Technology
T.D. Williamson, Inc.
Phone: (918) 447-5168
Email: janet.heflin@tdwilliamson.com
Help Desk Phone: (918) 447-5222
Help Desk Email: helpdesk@tdwilliamson.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This message and any attachments may be a confidential attorney-client communication or otherwise be privileged and confidential. If you are not the intended recipient, any review, distribution or copying of this transmittal is prohibited. If you have received this transmittal in error, please reply by e-mail and delete this message and all attachments
This message and any attachments may be a confidential attorney-client communication or otherwise be privileged and confidential. If you are not the intended recipient, any review, distribution or copying of this transmittal is prohibited. If you have received this transmittal in error, please reply by e-mail and delete this message and all attachments
No comments:
Post a Comment