[THIN] Re: web interface 5.0 with 4.5 presentation servers
- From: Steve Snyder <kwajalein@xxxxxxxxx>
- To: thin@xxxxxxxxxxxxx
- Date: Sat, 23 May 2009 09:28:41 +1200
You're pretty much on track - I use WI51 and PS 45 but smartcards, on my
published desktops I could never get smartcard passthrough to work right
with 11 so I use 10.2
Mark, you have access to the same documents that Carl does, but mere mortals
like you and I typically can't memorize all of them in their entirety.
On Sat, May 23, 2009 at 3:54 AM, Heflin, Janet <
Janet.Heflin@xxxxxxxxxxxxxxxx> wrote:
> When I create the site I check use pass-through
>
>
> ------------------------------
>
> *From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
> Behalf Of *Carl Stalhood
> *Sent:* Friday, May 22, 2009 7:23 AM
> *To:* thin@xxxxxxxxxxxxx
> *Subject:* [THIN] Re: web interface 5.0 with 4.5 presentation servers
>
>
>
> Web Interface supports two different types of sites: XenApp Web and XenApp
> Services. XenApp Web is the one that creates the webpage. XenApp Services is
> used by the client formerly known as PNAgent.
>
>
>
> PNAgent is the preferred method for pass-through authentication. The XenApp
> login box you are seeing is from the PNAgent client. I suspect you did not
> enable pass-through on the XenApp services site.
>
>
>
> There are two different 11.0 client installers. One is the web client and
> does not support pass-through. The other is the plug-in which actually
> contains three clients. When installing the plug-in, you are not required to
> install all three clients. If the users will only access their apps through
> a Web Interface webpage, install the plug-in but only install the web client
> that is contained in the plug-in.
>
>
>
> If you must enable pass-through in the Web Interface website, the 11.0
> client requires a group policy to enable pass-through. Install the XenApp
> plugin (web client only if you prefer) and enable pass-through during the
> install. Then simply add icaclient.adm to a group policy in the domain and
> turn on pass-through.
>
>
>
> There should be no need to modify appsrv.ini.
>
>
>
> The reasoning behind the extra effort to enable pass-through for a Web
> Interface website is to give users control over enabling pass-through for
> non-trusted Web Interface websites. If you go to a malicious Web Interface
> website, you probably don't want to allow it to upload your credentials
> without your permission.
>
>
>
> Program Neighborhood is not needed. It has already been removed from the
> Citrix Receiver and it probably won't be included in future client versions.
>
>
>
>
>
>
>
> On Fri, May 22, 2009 at 1:07 AM, Heflin, Janet <
> Janet.Heflin@xxxxxxxxxxxxxxxx> wrote:
>
> Here is the problem how to get the web interface to have pass-through
> authentication working.
>
>
>
> Below is what we had to do to actually get pass-through authentication
> working with the web interface and I hope this is not Citrix’s solution.
>
>
>
> We have 2 4.5 presentation servers and 1 5.0 web interface server and 11.0
> plug-in. To actually get this plug-in to work
>
>
>
> 1. Install the Program Neighborhood
> 2. Add in the APPSRV.INI the following
>
> [WFClient]
>
> EnableSSOnThruICAFile=On
>
> SSOnUserSetting=On
>
> Enable_SSOn=yes
>
> 1. add the icaclient.adm to the local policy on my laptop
> 2. go into the advance setting in network properties and in the
> provider orders make Citrix Single-Sign-on first.
>
>
>
> Now I am stuck with the XenApp sign box when I log in to my laptop (I can
> hit cancel and continue).
>
>
>
> There has to be a better way to get the web-interface to work using
> pass-through without having to do all of the above.
>
>
>
> Anyone out there have a better solution? I really hope this is not Citrix
> solution
>
>
>
> Janet
>
> *~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Janet Heflin
> Information Technology
> T.D. Williamson, Inc.
> Phone: (918) 447-5168
> Email: janet.heflin@xxxxxxxxxxxxxxxx
> Help Desk Phone: (918) 447-5222**
> Help Desk Email: ** <helpdesk@xxxxxxxxxxxxxxxx>helpdesk@xxxxxxxxxxxxxxxx
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*
>
>
>
>
> ------------------------------
>
> This message and any attachments may be a confidential attorney-client
> communication or otherwise be privileged and confidential. If you are not
> the intended recipient, any review, distribution or copying of this
> transmittal is prohibited. If you have received this transmittal in error,
> please reply by e-mail and delete this message and all attachments
>
>
>
> ------------------------------
> This message and any attachments may be a confidential attorney-client
> communication or otherwise be privileged and confidential. If you are not
> the intended recipient, any review, distribution or copying of this
> transmittal is prohibited. If you have received this transmittal in error,
> please reply by e-mail and delete this message and all attachments
>
>
Other related posts:
