Setting up your environment
To use the Fast Connect API you must first configure your site appropriately, including setting up SSO:
- If you are using StoreFront, enable the HTTP Basic authentication method as follows:
  - Install Citrix Receiver for Windows 4.2 or later using the /includesson flag:
      CitrixReceiver.exe /includesson
- By default, user credentials are captured at the Windows session logon. This may not always be desirable, especially in off-domain pass-through scenarios. To disable logon credential capture, use the LOGON_CREDENTIAL_CAPTURE_ENABLE setting:
    CitrixWorkspaceApp.exe /includesson LOGON_CREDENTIAL_CAPTURE_ENABLE=No
- Import the receiver.adml and receiver.admx files and then open gpedit.msc. This makes the Group Policy templates appear within the gpedit.msc GUI.
  Note: For information on importing the Group Policy administrative template for Citrix Workspace app for Windows Version 4.6, see Citrix Product Documentation.
- Navigate to the administrative templates folder and then select Citrix Components > Citrix Workspace > User authentication.
- Select the GPO policy Kerberos authentication, double-click it, and then disable it.
  Note: The order in which you configure policies is important. You must disable Kerberos authentication before configuring the local user name and password policy as described in step 6.
- To allow SSO functionality, locate the GPO policy Local user name and password, double-click it, and then enable the following options:
  - Enable pass-through authentication
  - Allow pass-through authentication for all ICA connections
- Navigate to the administrative templates folder and then select Citrix Components > Citrix Workspace > Fast Connect API Support.
- To allow Fast Connect functionality, locate the GPO policy Manage FastConnectAPI support, double-click it, and then enable the following options:
  - Enable the GPO
  - Enable Fast Connect API Functionality
  - Disable Leave Apps Running On Logoff
  - Enable Integrate Self-Service Plugin with FastConnect
- Optionally, in the administrative templates folder, select Citrix Components > Citrix Workspace > SelfService > Manage App shortcut:
  - Startmenu Directory = Citrix
  - Desktop Directory = Citrix
  - Disable Startmenu Shortcut = False (clear checkbox)
  - Enable Desktop Shortcut = True (select checkbox)
  - Disable Categorypath = True (select checkbox to use StoreFront categories in the Start menu)
  - RemoveAppsOnLogoff = True (select checkbox)
  - Clear the set of applications shown in the Citrix Workspace app for Windows on log off = True (select checkbox)
  - Prevent Citrix Workspace app performing a refresh of the application list when opened = True (select checkbox)
  - Ignore self-service selection of apps and make all mandatory = False (clear checkbox), but True (select checkbox) if you are using Web Interface
- Optionally, select SelfService > Control when Workspace attempts to reconnect to existing sessions:
  - Enable the policy
  - Choose the appropriate combination of reconnect conditions
- Optionally, select SelfService > Enable application Prelaunch. Enable this policy to disable prelaunch.
- If you are using StoreFront, add the FQDN of the XenDesktop Controller to the intranet zone:
  You can set this through Group Policy:
  - Select Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page
  - Select Site to Zone Assignment List, enable it, then add the FQDN of the XenDesktop Controller as a zone assignment with a value of 1. For more details, see documentation.
- On the command line, run gpupdate /force to apply these settings.
- Start Citrix Workspace app from the Start menu.
- When you are prompted for an account, specify the URL for your StoreFront Services Site, StoreFront XenApp Services Site, or Web Interface XenApp Services Site.
  A StoreFront URL looks like this:
    https://SMBSZ-XENAPPS1.xa.local/Citrix/Store/discovery
  A Web Interface URL looks like this:
    https://SMBSZXENAPPS1.xa.local/Citrix/PNAgent/config.xml
  Note: If you require an HTTP (unsecure) URL, first perform preceding step 13 before re-attempting this step.
- If you are using an HTTP site, set the following registry key to allow HTTP traffic for Citrix Workspace app:
  - On 64-bit Windows:
      HKLM\SOFTWARE\Wow6432Node\Citrix\Authmanager
      Name: ConnectionSecurityMode
      Type: REG_SZ
      Data: Any
  - On 32-bit Windows:
      HKLM\SOFTWARE\Citrix\AuthManager
      Name: ConnectionSecurityMode
      Type: REG_SZ
      Data: Any
- Restart Citrix Workspace app for Windows.
- If you are using StoreFront, create the following registry keys and values on the endpoint(s) to allow HTTP Basic authentication, which is needed for SSO:
  - On 64-bit Windows:
      HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\AuthManager\Protocols\httpbasic
      Name: Enabled
      Type: REG_SZ
      Data: True

      HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\AuthManager
      Name: ProtocolOrder
      Type: REG_MULTI_SZ
      Data: httpbasic
  - On 32-bit Windows:
      HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\AuthManager\Protocols\httpbasic
      Name: Enabled
      Type: REG_SZ
      Data: True

      HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\AuthManager
      Name: ProtocolOrder
      Type: REG_MULTI_SZ
      Data: httpbasic
- To get the store accepted, log on as any user and restart the endpoint.
- When the endpoint restarts, verify that the SSO functionality is enabled by running ssonsvr.exe, as described at http://support.citrix.com/article/CTX133855
- You can now inject a user name and password into the SSO functionality by interacting with the Fast Connect API, using the LogonSsoUser() function described later in this document.
- If you would like the Self-Service Plug-in UI to automatically log on and log off in response to the Fast Connect LogonSSOUser and LogoffSSOUser library calls and thereby update the user's icons, enable the policy "Integrate Self-Service Plugin with FastConnect" described in step 8.
  Alternatively, you can manually update the UI and desktop icons following these calls by using the following sequence:
    SelfService.exe -ipoll // Refreshes the SSP GUI
- Start Citrix Workspace app from the Start menu. The injected user is logged on to Citrix Workspace app.
  All the user's applications then appear for the first time on the desktop, the Start menu, and within the SSP GUI.
  - To inject further user credentials into Citrix Workspace app through Fast Connect, repeat Step 15. Citrix Workspace app on the endpoint is now set up for SSO and Fast Connect API use.
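
The two registry steps above (ConnectionSecurityMode for HTTP sites, and Protocols\httpbasic with ProtocolOrder for HTTP Basic) can be confirmed on an endpoint with a read-only check; because HTTP Basic carries the user name and password only base64-encoded, the check also reports when HTTP sites and HTTP Basic are allowed at the same time. This is an added example, not part of the Citrix documentation. The key paths and value names are the ones listed above, while the function name Get-AuthManagerState and the property HttpAndBasicBothAllowed are assumptions introduced here.

```powershell
# Added example (not Citrix code): read-only audit of the AuthManager values
# configured in the steps above. Key paths and value names are from this page;
# Get-AuthManagerState and HttpAndBasicBothAllowed are names assumed here.
$roots = @(
    'HKLM:\SOFTWARE\Wow6432Node\Citrix\AuthManager',  # 64-bit Windows
    'HKLM:\SOFTWARE\Citrix\AuthManager'               # 32-bit Windows
)

function Get-AuthManagerState {
    param([Parameter(Mandatory)][string]$Root)

    # Key absent: nothing has been configured under this registry path.
    if (-not (Test-Path -LiteralPath $Root)) { return }

    $key = Get-ItemProperty -LiteralPath $Root

    # Protocols\httpbasic holds the Enabled value that turns on HTTP Basic.
    $basicPath    = Join-Path $Root 'Protocols\httpbasic'
    $basicEnabled = $null
    if (Test-Path -LiteralPath $basicPath) {
        $basicEnabled = (Get-ItemProperty -LiteralPath $basicPath).Enabled
    }

    [pscustomobject]@{
        Key                     = $Root
        ConnectionSecurityMode  = $key.ConnectionSecurityMode
        ProtocolOrder           = @($key.ProtocolOrder) -join ','
        HttpBasicEnabled        = $basicEnabled
        # True when HTTP stores are allowed and HTTP Basic is enabled together.
        HttpAndBasicBothAllowed = ($key.ConnectionSecurityMode -eq 'Any') -and
                                  ($basicEnabled -eq 'True')
    }
}

# One record per AuthManager key that exists on this endpoint.
$roots | ForEach-Object { Get-AuthManagerState -Root $_ } | Format-List
```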