To use the Fast Connect API you must first configure your site appropriately, including setting up SSO:
- If you are using StoreFront, enable the HTTP Basic authentication method as follows:
2. Install Citrix Receiver for Windows 4.2 or later using the
3. By default, user credentials are captured at Windows session logon. This may not always be desirable, especially in off-domain pass-through scenarios; to disable logon credential capture, use the
- Import the
receiver.admxfiles and then open
gpedit.msc. This will make the Group Policy templates appear within the gpedit.msc GUI.
- For information on importing Group Policy Object administrative template for Citrix Workspace app for Windows Version 4.5 and later, see Citrix Product Documentation.
- For information on importing Group Policy administrative template for Citrix Workspace app for Windows Version 4.6, see Citrix Product Documentation.
5. Navigate to the administrative templates folder and then select Citrix Components > Citrix Workspace > User authentication.
6. Select the GPO policy Kerberos authentication, double-click it, and then disable it.
The order in which you configure policies is important. You must disable Kerberos authentication before configuring the Local user name and password policy as described in step 6.
7. To allow SSO functionality, locate the GPO policy Local user name and password, double-click it, and then enable the following options:
- Enable pass-through authentication
- Allow pass-through authentication for all ICA connections
8. Navigate to the administrative templates folder and then select Citrix Components > Citrix Workspace > Fast Connect API Support
9. To allow Fast Connect functionality, locate the GPO policy Manage FastConnectAPI support, double-click it, and then enable the following options:
- Enable the GPO
- Enable Fast Connect API Functionality
- Disable Leave Apps Running On Logoff
- Enable Integrate Self Service Plugin with FastConnect
10. Optionally, in the administrative templates folder, select Citrix Components > Citrix Workspace > SelfService > Manage App shortcut:
- Startmenu Directory = Citrix
- Desktop Directory = Citrix
- Disable Startmenu Shortcut = False (clear checkbox)
- Enable Desktop Shortcut = True (select checkbox )
- Disable Categorypath = True (select checkbox to use StoreFront categories in the Start menu)
- RemoveAppsOnLogoff = True (select checkbox)
- Clear the set of applications shown in the Citrix Workspace app for Windows on log off = True (select checkbox)
- Prevent Citrix Workspace app performing a refresh of the application list when opened = True (select checkbox)
- Ignore self service selection of apps and make all mandatory = False (clear checkbox), but True (select checkbox) if you are using Web Interface
11. Optionally, select SelfService > Control when Workspace attempts to reconnect to existing sessions:
- Enable the policy
- Choose the appropriate combination of reconnect conditions
12 Optionally, select SelfService > Enable application Prelaunch. Enable this policy to disable prelaunch.
13. If you are using StoreFront, add the FQDN of the XenDesktop Controller to the intranet zone: You can set this through Group Policy:
- Select Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page
- Select Site to Zone Assignment List, enable it, then add the FQDN of the XenDesktop Controller as a zone assignment with a value of 1. For more details, see http://blogs.msdn.com/b/askie/archive/2012/06/05/how-to-configure-internet-explorer- security-zone-sites-using-group-polices.aspx
14. On the command line, rungpupdate/forceto apply these settings.
15 Start Citrix Workspace app from the Start menu.
16. When you are prompted for an account, specify the URL for your StoreFront Services Site, StoreFront XenApp Services Site, or Web Interface XenApp Services Site.
A StoreFront URL looks like this: https://SMBSZ-XENAPPS1.xa.local/Citrix/Store/discovery
A Web Interface URL looks like this: https://SMBSZXENAPPS1.xa.local/Citrix/PNAgent/config.xml
If you require an http (unsecure) URL, first perform step 13 above before re-attempting this step.
17. If you are using a HTTP site, set the following registry key to allow HTTP traffic for Citrix Workspace app:
- On 64-bit Windows:
HKLM\SOFTWARE\Wow6432Node\Citrix\Authmanager Name: ConnectionSecurityMode Type: REG_SZ Data: Any
- On 32-bit Windows:
HKLM\SOFTWARE\Citrix\AuthManager Name: ConnectionSecurityMode Type: REG_SZ Data: Any
18. Restart Citrix Workspace app for Windows.
19. If you are using StoreFront, create the following registry keys and values on the endpoint(s) to allow HTTP Basic authentication, which is needed for SSO:
- On 64-bit Windows:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\AuthManager\Protocols \httpbasic Name: Enabled Type: REG_SZ Data: True
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\AuthManager Name: ProtocolOrder Type: REG_MULTI_SZ Value: httpbasic
- On 32-bit Windows:
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\AuthManager\Protocols\httpbasic Name: Enabled Type: REG_SZ Data: True
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\AuthManager Name: ProtocolOrder Type: REG_MULTI_SZ Data: httpbasic
20. To get the store accepted, log on as any user and restart the endpoint.
21. When the endpoint restarts, verify that the SSO functionality is enabled by running ssonsvr.exe, as described at http://support.citrix.com/article/CTX133855
22. You can now inject a user name and password into the SSO functionality by interacting with the Fast Connect API, using the LogonSsoUser() function described later in this document.
23. If you would like the Self-Service Plug-in UI to automatically log on and log off in response to the Fast Connect LogonSSOUser and LogoffSSOUser library calls and thereby update the user’s icons, enable the policy “Integrate Self Service Plugin with FastConnect” described in step 8.
Alternatively, you can manually update the UI and desktop icons following these calls by using the following sequence:
SelfService.exe –ipoll // Refreshes the SSP GUI
24. Start Citrix Workspace app from the Start menu. The injected user will be logged on to Citrix Workspace app.
All the user’s applications then appear for the first time on the desktop, the Start menu, and within the SSP GUI.
25. To inject further user credentials into Citrix Workspace app through Fast Connect, repeat Step 15. Citrix Workspace app on the endpoint is now set up for SSO and Fast Connect API use.