Download full document:

Setting up your environment

To use the Fast Connect API you must first configure your site appropriately, including setting up SSO:

  1. If you are using StoreFront, enable the HTTP Basic authentication method as follows:

alt_text! 2. Install Citrix Receiver for Windows 4.2 or later using the /includesson flag: CitrixReceiver.exe/includesson 3. By default, user credentials are captured at Windows session logon. This may not always be desirable, especially in off-domain pass-through scenarios; to disable logon credential capture, use the LOGON\_CREDENTIAL\_CAPTURE\_ENABLE setting:

    CitrixWorkspaceApp.exe/includesson
    LOGON\_CREDENTIAL\_CAPTURE\_ENABLE=No
  1. Import the receiver.adml and receiver.admx files and then open gpedit.msc. This will make the Group Policy templates appear within the gpedit.msc GUI.

Note

  • For information on importing Group Policy Object administrative template for Citrix Workspace app for Windows Version 4.5 and later, see Citrix Product Documentation.
  • For information on importing Group Policy administrative template for Citrix Workspace app for Windows Version 4.6, see Citrix Product Documentation.

5. Navigate to the administrative templates folder and then select Citrix Components > Citrix Workspace > User authentication.

6. Select the GPO policy Kerberos authentication, double-click it, and then disable it.

Note

The order in which you configure policies is important. You must disable Kerberos authentication before configuring the Local user name and password policy as described in step 6.

7. To allow SSO functionality, locate the GPO policy Local user name and password, double-click it, and then enable the following options:

  • Enable pass-through authentication
  • Allow pass-through authentication for all ICA connections

8. Navigate to the administrative templates folder and then select Citrix Components > Citrix Workspace > Fast Connect API Support

9. To allow Fast Connect functionality, locate the GPO policy Manage FastConnectAPI support, double-click it, and then enable the following options:

  • Enable the GPO
  • Enable Fast Connect API Functionality
  • Disable Leave Apps Running On Logoff
  • Enable Integrate Self Service Plugin with FastConnect

10. Optionally, in the administrative templates folder, select Citrix Components > Citrix Workspace > SelfService > Manage App shortcut:

  • Startmenu Directory = Citrix
  • Desktop Directory = Citrix
  • Disable Startmenu Shortcut = False (clear checkbox)
  • Enable Desktop Shortcut = True (select checkbox )
  • Disable Categorypath = True (select checkbox to use StoreFront categories in the Start menu)
  • RemoveAppsOnLogoff = True (select checkbox)
  • Clear the set of applications shown in the Citrix Workspace app for Windows on log off = True (select checkbox)
  • Prevent Citrix Workspace app performing a refresh of the application list when opened = True (select checkbox)
  • Ignore self service selection of apps and make all mandatory = False (clear checkbox), but True (select checkbox) if you are using Web Interface

11. Optionally, select SelfService > Control when Workspace attempts to reconnect to existing sessions:

  • Enable the policy
  • Choose the appropriate combination of reconnect conditions

12 Optionally, select SelfService > Enable application Prelaunch. Enable this policy to disable prelaunch.

13. If you are using StoreFront, add the FQDN of the XenDesktop Controller to the intranet zone: You can set this through Group Policy:

14. On the command line, rungpupdate/forceto apply these settings.

15 Start Citrix Workspace app from the Start menu.

16. When you are prompted for an account, specify the URL for your StoreFront Services Site, StoreFront XenApp Services Site, or Web Interface XenApp Services Site.

A StoreFront URL looks like this: https://SMBSZ-XENAPPS1.xa.local/Citrix/Store/discovery

A Web Interface URL looks like this: https://SMBSZXENAPPS1.xa.local/Citrix/PNAgent/config.xml

Note

If you require an http (unsecure) URL, first perform step 13 above before re-attempting this step.

17. If you are using a HTTP site, set the following registry key to allow HTTP traffic for Citrix Workspace app:

  • On 64-bit Windows:
HKLM\SOFTWARE\Wow6432Node\Citrix\Authmanager
Name: ConnectionSecurityMode
Type: REG_SZ
Data: Any
  • On 32-bit Windows:
HKLM\SOFTWARE\Citrix\AuthManager
Name: ConnectionSecurityMode
Type: REG_SZ
Data: Any

18. Restart Citrix Workspace app for Windows.

19. If you are using StoreFront, create the following registry keys and values on the endpoint(s) to allow HTTP Basic authentication, which is needed for SSO:

  • On 64-bit Windows:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\AuthManager\Protocols
\httpbasic 
Name: Enabled
Type: REG_SZ 
Data: True
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\AuthManager 
Name: ProtocolOrder
Type: REG_MULTI_SZ
Value: httpbasic
  • On 32-bit Windows:
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\AuthManager\Protocols\httpbasic 
Name: Enabled
Type: REG_SZ 
Data: True
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\AuthManager 
Name: ProtocolOrder
Type: REG_MULTI_SZ
Data: httpbasic

20. To get the store accepted, log on as any user and restart the endpoint.

21. When the endpoint restarts, verify that the SSO functionality is enabled by running ssonsvr.exe, as described at http://support.citrix.com/article/CTX133855

22. You can now inject a user name and password into the SSO functionality by interacting with the Fast Connect API, using the LogonSsoUser() function described later in this document.

23. If you would like the Self-Service Plug-in UI to automatically log on and log off in response to the Fast Connect LogonSSOUser and LogoffSSOUser library calls and thereby update the user’s icons, enable the policy “Integrate Self Service Plugin with FastConnect” described in step 8.

Alternatively, you can manually update the UI and desktop icons following these calls by using the following sequence:

SelfService.exe –ipoll          // Refreshes the SSP GUI

24. Start Citrix Workspace app from the Start menu. The injected user will be logged on to Citrix Workspace app.

All the user’s applications then appear for the first time on the desktop, the Start menu, and within the SSP GUI.

25. To inject further user credentials into Citrix Workspace app through Fast Connect, repeat Step 15. Citrix Workspace app on the endpoint is now set up for SSO and Fast Connect API use.