[THIN] Re: web interface 5.0 with 4.5 presentation servers

• From: "Heflin, Janet" <Janet.Heflin@xxxxxxxxxxxxxxxx>
• To: "thin@xxxxxxxxxxxxx" <thin@xxxxxxxxxxxxx>
• Date: Fri, 22 May 2009 10:54:05 -0500

When I create the site I check use pass-through

________________________________
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of 
Carl Stalhood
Sent: Friday, May 22, 2009 7:23 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: web interface 5.0 with 4.5 presentation servers

Web Interface supports two different types of sites: XenApp Web and XenApp 
Services. XenApp Web is the one that creates the webpage. XenApp Services is 
used by the client formerly known as PNAgent.

PNAgent is the preferred method for pass-through authentication. The XenApp 
login box you are seeing is from the PNAgent client. I suspect you did not 
enable pass-through on the XenApp services site.

There are two different 11.0 client installers. One is the web client and does 
not support pass-through. The other is the plug-in which actually contains 
three clients. When installing the plug-in, you are not required to install all 
three clients. If the users will only access their apps through a Web Interface 
webpage, install the plug-in but only install the web client that is contained 
in the plug-in.

If you must enable pass-through in the Web Interface website, the 11.0 client 
requires a group policy to enable pass-through. Install the XenApp plugin (web 
client only if you prefer) and enable pass-through during the install. Then 
simply add icaclient.adm to a group policy in the domain and turn on 
pass-through.

There should be no need to modify appsrv.ini.

The reasoning behind the extra effort to enable pass-through for a Web 
Interface website is to give users control over enabling pass-through for 
non-trusted Web Interface websites. If you go to a malicious Web Interface 
website, you probably don't want to allow it to upload your credentials without 
your permission.

Program Neighborhood is not needed. It has already been removed from the Citrix 
Receiver and it probably won't be included in future client versions.



On Fri, May 22, 2009 at 1:07 AM, Heflin, Janet 
<Janet.Heflin@xxxxxxxxxxxxxxxx<mailto:Janet.Heflin@xxxxxxxxxxxxxxxx>> wrote:

Here is the problem how to get the web interface to have pass-through 
authentication working.



Below is what we had to do to actually get pass-through authentication working 
with the web interface and I hope this is not Citrix's solution.



We have 2 4.5 presentation servers and 1 5.0 web interface server and 11.0 
plug-in.  To actually get this plug-in to work



 1.  Install the Program Neighborhood
 2.  Add in the APPSRV.INI the following

[WFClient]

EnableSSOnThruICAFile=On

SSOnUserSetting=On

Enable_SSOn=yes

 1.  add the icaclient.adm to the local policy on my laptop
 2.  go into the advance setting in network properties and in the provider 
orders make Citrix Single-Sign-on first.



Now I am stuck with the XenApp sign box when I log in to my laptop (I can hit 
cancel and continue).



There has to be a better way to get the web-interface to work using 
pass-through without having to do all of the above.



Anyone out there have a better solution?  I really hope this is not Citrix 
solution



Janet

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Janet Heflin
Information Technology
T.D. Williamson, Inc.
Phone: (918) 447-5168
Email: janet.heflin@xxxxxxxxxxxxxxxx<mailto:janet.heflin@xxxxxxxxxxxxxxxx>
Help Desk Phone: (918) 447-5222
Help Desk Email: <mailto:helpdesk@xxxxxxxxxxxxxxxx> 
helpdesk@xxxxxxxxxxxxxxxx<mailto:helpdesk@xxxxxxxxxxxxxxxx>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



________________________________
This message and any attachments may be a confidential attorney-client 
communication or otherwise be privileged and confidential. If you are not the 
intended recipient, any review, distribution or copying of this transmittal is 
prohibited. If you have received this transmittal in error, please reply by 
e-mail and delete this message and all attachments


________________________________
This message and any attachments may be a confidential attorney-client 
communication or otherwise be privileged and confidential. If you are not the 
intended recipient, any review, distribution or copying of this transmittal is 
prohibited. If you have received this transmittal in error, please reply by 
e-mail and delete this message and all attachments

• Follow-Ups:
  • [THIN] Re: web interface 5.0 with 4.5 presentation servers
    • From: Steve Snyder

• References:
  • [THIN] web interface 5.0 with 4.5 presentation servers
    • From: Heflin, Janet
  • [THIN] Re: web interface 5.0 with 4.5 presentation servers
    • From: Carl Stalhood

Other related posts:

• » [THIN] web interface 5.0 with 4.5 presentation servers- Heflin, Janet
• » [THIN] Re: web interface 5.0 with 4.5 presentation servers- Carl Stalhood
• » [THIN] Re: web interface 5.0 with 4.5 presentation servers- Joe Shonk
• » [THIN] Re: web interface 5.0 with 4.5 presentation servers- Heflin, Janet
• » [THIN] Re: web interface 5.0 with 4.5 presentation servers- Joe Shonk
• » [THIN] Re: web interface 5.0 with 4.5 presentation servers- Landin, Mark
• » [THIN] Re: web interface 5.0 with 4.5 presentation servers - Heflin, Janet
• » [THIN] Re: web interface 5.0 with 4.5 presentation servers- Steve Snyder

1. Home
2. thin
3. Archive
4. 05-2009

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---