Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Single Sign-On through web interface

Status
Not open for further replies.

AndyE45

MIS
Jul 24, 2003
183
CA
I'm running PS 4.0 and I want to enable single sign-on for users coming in through the web interface.

I know about the setting in the Web Interface to enable it.

I also know about the 2 entries that are needed in user's appsrv.ini files too but I was wondering if there's a way to enable it without having to do this step. It would make more sense if there was a way to enable it solely from a central setting without having to tinker with user's files. Though, knowing Citrix, they didn't make it easy.

Have I missed something or is this the only way?
 
You want the login to the Web Interface to be passthrough also if I understand you right so the users don't have to login there?
If i remember it right the Web Interface URL has to be added to users trusted sites in Internet Explorer for IE to accept an automatic login.

/Hof
 
Hof,

We added the URL into a GP for the users a long time ago and I'm sure you're right about that being a necessary step.

I'm trying to find out if there's a way to avoid having to touch every user's appsrv.ini though. If I enable pass through auth on the web interface it works as far as getting past the first logon page and presenting the list of apps but when you try to launch an app you're presented with a server logon prompt. This is fixed by adding the 2 necessary entries in the user's appsrv.ini but I'm hoping to find a way to accomplish the same result with a centrally controlled setting rather than one on every user's settings file.

Thanks for the input.
 
Andy - I think you are going to need to touch each pc anyway. When the client was installed, did you choose Pass-through auth?

I am assuming you have just pass-thru set on your WI sites?

You might consider a logon script to replace the file instead of manually doing it.
 
KaronW,

Thanks for your reply.

I don't think the client was installed with the Pass-through auth selected but I'm not sure. I wasn't in on that but I get to try and figure out how to change it.

I know about what has to be done to make pass through work through the WI -> added/modified properties in appsrv.ini. I'm implementing that now through a combination of batch files, logon scripts through a GP, etc.

My question here is how to make it work for PN which is completely different from how it's done for the WI. I've read in some places that re-installation of the client might be the only way, There's also Hof's contribution above but I've found out that this doesn't work for all users. I'm thinking there must be a reg hack and/or modifications to the pn.ini that would work but I haven't found it yet.
 
PN has 2 places for passthru.
open PN, click on tools, ica settings. Verify pass-through auth and use local credentials to logon are checked.

on the app you created, rt click and verify logon information is local user and passthrough auth.

If they are not available, you will need to uninstall, reboot, remove all citrix and icaclient directories, and check the registry for citrix and ica entries as well. You could try update, but that doesn't work all the time. Clean install is always best.



 
KaronW

I know about the 2 areas to do the settings in PN and some users don't have all the settings available. I was hoping there was a way to hack the reg and/or PN.ini to make it work but, as you and others have said, it may come down to removing and re-installing.

Thanks.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top