Citrix Pass-Through Authentication

Posted on 2009-04-03
Last Modified: 2012-06-27
I have 9 servers running in XenApp 5 on Windows Server 2003 systems. All of our company applications are powered by Citrix which is a fairly new application to our company. The dilema we have is we have far to many logins just to begin productivy.

1. Login to Workstation
2. Login to Citrix Web Console
3. Login to Application powered by Citrix

You can see how this would be frustration to someone constantly using the system. I noticed Citrix can use Pass-Through authentication which would eliminate our users pain. My problem is if I have a user connecting from home via software VPN, and is not on the domain would Citrix know to ask the user for the domain login credentials? Also, any paticular issues I should be worried about if I enable Pass-Through authentication for the Citrix Web Console.
Question by:ValleyENT
LVL 11

Accepted Solution

pfcjoker earned 500 total points
ID: 24066309
You can remove one step in that process by using the the PNagent (removes step #2) - this will give you Citrix apps on your start menu/desktop based off your log in in step #1 (doesn't work well with VPN or not domain logged in users).

But you can also turn on Integrated Authentication on the Web Interface site as well (removing step #2 while keeping the web client).
Launch the Access Management Console on your Web Interface server
go down to your Web Interface site
Under Common Tasks select Configure Authentication Methods
Select Pass-though only (uncheck others) hit ok

Now this will log in users that are domain connected with no extra prompts (removing #2) but sadly your VPN users will be presented with a Standard Windows "Please supply your credentials" popup box first. That means VPN or non-domain logged in users are still right where the are today (3 log ins) but at least for the rest of your users they are down to two.

As for the Computer and Application log in screens, sadly short of configuring Auto Workstation Log in or turning off (if even possible) application log in I think you are are sort of stuck with those two. But I'd check to see if your application can support Integrated Windows Authentication that would reduce that log in too.

Author Closing Comment

ID: 31566490
Thank you for your help! This was very helpful and got me pointed in the right direction.

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your vDisk VHD file gets deleted from the image store accidentally or on purpose, you won't be able to remove the vDisk from the PVS console. There is a known workaround that is solid.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question