You're pretty much on track - I use WI51 and PS 45 but smartcards, on my published desktops I could never get smartcard passthrough to work right with 11 so I use 10.2 Mark, you have access to the same documents that Carl does, but mere mortals like you and I typically can't memorize all of them in their entirety. On Sat, May 23, 2009 at 3:54 AM, Heflin, Janet < Janet.Heflin@xxxxxxxxxxxxxxxx> wrote: > When I create the site I check use pass-through > > > ------------------------------ > > *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On > Behalf Of *Carl Stalhood > *Sent:* Friday, May 22, 2009 7:23 AM > *To:* thin@xxxxxxxxxxxxx > *Subject:* [THIN] Re: web interface 5.0 with 4.5 presentation servers > > > > Web Interface supports two different types of sites: XenApp Web and XenApp > Services. XenApp Web is the one that creates the webpage. XenApp Services is > used by the client formerly known as PNAgent. > > > > PNAgent is the preferred method for pass-through authentication. The XenApp > login box you are seeing is from the PNAgent client. I suspect you did not > enable pass-through on the XenApp services site. > > > > There are two different 11.0 client installers. One is the web client and > does not support pass-through. The other is the plug-in which actually > contains three clients. When installing the plug-in, you are not required to > install all three clients. If the users will only access their apps through > a Web Interface webpage, install the plug-in but only install the web client > that is contained in the plug-in. > > > > If you must enable pass-through in the Web Interface website, the 11.0 > client requires a group policy to enable pass-through. Install the XenApp > plugin (web client only if you prefer) and enable pass-through during the > install. Then simply add icaclient.adm to a group policy in the domain and > turn on pass-through. > > > > There should be no need to modify appsrv.ini. > > > > The reasoning behind the extra effort to enable pass-through for a Web > Interface website is to give users control over enabling pass-through for > non-trusted Web Interface websites. If you go to a malicious Web Interface > website, you probably don't want to allow it to upload your credentials > without your permission. > > > > Program Neighborhood is not needed. It has already been removed from the > Citrix Receiver and it probably won't be included in future client versions. > > > > > > > > On Fri, May 22, 2009 at 1:07 AM, Heflin, Janet < > Janet.Heflin@xxxxxxxxxxxxxxxx> wrote: > > Here is the problem how to get the web interface to have pass-through > authentication working. > > > > Below is what we had to do to actually get pass-through authentication > working with the web interface and I hope this is not Citrix’s solution. > > > > We have 2 4.5 presentation servers and 1 5.0 web interface server and 11.0 > plug-in. To actually get this plug-in to work > > > > 1. Install the Program Neighborhood > 2. Add in the APPSRV.INI the following > > [WFClient] > > EnableSSOnThruICAFile=On > > SSOnUserSetting=On > > Enable_SSOn=yes > > 1. add the icaclient.adm to the local policy on my laptop > 2. go into the advance setting in network properties and in the > provider orders make Citrix Single-Sign-on first. > > > > Now I am stuck with the XenApp sign box when I log in to my laptop (I can > hit cancel and continue). > > > > There has to be a better way to get the web-interface to work using > pass-through without having to do all of the above. > > > > Anyone out there have a better solution? I really hope this is not Citrix > solution > > > > Janet > > *~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > Janet Heflin > Information Technology > T.D. Williamson, Inc. > Phone: (918) 447-5168 > Email: janet.heflin@xxxxxxxxxxxxxxxx > Help Desk Phone: (918) 447-5222** > Help Desk Email: ** <helpdesk@xxxxxxxxxxxxxxxx>helpdesk@xxxxxxxxxxxxxxxx > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~* > > > > > ------------------------------ > > This message and any attachments may be a confidential attorney-client > communication or otherwise be privileged and confidential. If you are not > the intended recipient, any review, distribution or copying of this > transmittal is prohibited. If you have received this transmittal in error, > please reply by e-mail and delete this message and all attachments > > > > ------------------------------ > This message and any attachments may be a confidential attorney-client > communication or otherwise be privileged and confidential. If you are not > the intended recipient, any review, distribution or copying of this > transmittal is prohibited. If you have received this transmittal in error, > please reply by e-mail and delete this message and all attachments > >