Product Documentation

Sending App Controller Application Lists to Citrix Receiver

Oct 08, 2015

When you send App Controller application lists to Citrix Receiver, you can configure the access level users have for apps, desktops, and documents published in App Controller or StoreFront. You can configure one of the two following scenarios:

  • Users can connect with Receiver or Worx Home to App Controller only. In this scenario, users have access only to their mobile, web, and SaaS apps, stores, and web links that you configured in App Controller. When users start Receiver on their device, Receiver contacts App Controller to obtain a list of available resources.
  • Users can connect with Receiver to App Controller and to StoreFront. In this scenario, users have access to apps and documents from App Controller, as well as to published resources from XenApp and XenDesktop. StoreFront aggregates applications from App Controller, XenApp farms, and XenDesktop sites. When users connect with Receiver, the resources you define in App Controller and StoreFront appear in the Receiver store.

This scenario works as follows:

  • StoreFront sends a request message to App Controller.
  • In the response to the request, App Controller sends the list of enterprise web applications and SaaS applications that are managed by App Controller.
  • As part of the request, StoreFront includes the user identifier (user ID or network ID) of the user who started Receiver.
  • When App Controller receives the request data along with a user ID, App Controller returns the list of applications that are applicable to the role of the user as defined in App Controller.
  • If the user is not assigned to a specific role and is part of the AllUsers role, the applications that are not assigned to any role appear for that user.

If you configure categories in App Controller, the categories appear as icons in Receiver. For more information about categories, see Configuring Categories.

Receiver provides a mechanism through which users can request an account for an application. When the process is complete, App Controller creates the user account. The application then appears in Receiver.

For users to receive their application list, you need to do the following:

  • Create an authentication service for StoreFront.
  • Create a store in StoreFront.
  • Add stores to Receiver.

For more information about configuring StoreFront, see the StoreFront documentation in the eDocs library.

You can configure connections to StoreFront in App Controller by using Deployment settings on the Settings tab. You can choose one of the following Citrix Receiver deployment scenarios:

  • Default. The default setting configures connections to App Controller from Receiver.
  • StoreFront. When you add the StoreFront web address, App Controller creates the authentication token validation service setting and trust settings to allow users to successfully connect by using Receiver to all of their resources in App Controller, XenApp, and XenDesktop.
  • Authentication Server. This setting enables all connections to route through App Controller and then to StoreFront.
  • NetScaler Gateway. When you choose this setting, NetScaler Gateway resides in the DMZ. When users connect with Receiver, the connection first goes to App Controller which proxies the connection to StoreFront. StoreFront then authenticates users. Next, the connection is proxied through NetScaler Gateway and App Controller.

To configure App Controller to connect to StoreFront

  1. In the management console, click the Settings tab to open System Configuration.
  2. In the left pane, under System Configuration, click Deployment.
  3. In the details pane, next to Deployment, click Edit.
  4. Under StoreFront, in Enable, select Yes.
  5. To have StoreFront authenticate users and then pass the connection App Controller, in Use as auth server, select Yes.
  6. In Web address, type the web address of StoreFront and then click Save.

    If you want to use a different port number, type the web address as https://domainName.com:portNum. If you don't specify a port number, App Controller uses port 80 for HTTP and port 443 for HTTPS as the default port numbers.

When you save the StoreFront Web address, App Controller automatically creates the authentication token validation service URL of StoreFront.

Enabling Access to Windows-Based Apps from Worx Home or Receiver

You can configure trust settings in App Controller 2.8 to allow users to access their mobile, web, SaaS and Windows-based apps through Receiver or Worx Home. For more information about configuring the trust settings, see To configure App Controller to connect to StoreFront.

  1. In the management console, click the Apps & Docs tab.
  2. In the left pane, under XenApp/XenDesktop, click Windows Apps.
  3. Next to Win Apps Configuration, click Edit.
  4. In Host, type the PNA site of the Web Interface or the fully qualified domain name (FQDN) or IP address of StoreFront.

    For example, enter storefront.johndoe.local.

  5. In Port, enter the port of the Web Interface or for the server running StoreFront. The default port number is 443.
  6. In Relative Path, enter the path to the Web Interface or StoreFront.

    For example, for the Web Interface, enter /Citrix/PNAgent/config.xml. For StoreFront, enter /Citrix/Store/PNagent/config.xml.

  7. Select Allow secure access to specify an HTTPS connection.

Keep in the mind the following scenarios that occur when you configure the preceding settings and deploy StoreFront on the Settings tab in the management console:

  • If you enable StoreFront, disable authentication in App Controller and then provide the StoreFront web address in App Controller, users can connect to their Windows-based apps. On the Apps & Docs tab, you configure Windows App settings by following the procedure in this topic. In this scenario, users can connect to App Controller with Worx Home and access mobile, web, SaaS, and Windows-based apps. If users connect with Receiver for Windows or Receiver for Mac, they can access apps in either StoreFront or App Controller.
    Note: If you have users who connect from a remote location and you disable StoreFront authentication as in the first scenario, NetScaler Gateway authenticates users. To allow NetScaler Gateway to authenticate users, you need to configure authentication settings on NetScaler Gateway and configure App Controller to connect to NetScaler Gateway. For details, see Configuring Authentication on NetScaler Gateway and App Controller and NetScaler Gateway.
  • If you enable StoreFront and enable authentication in App Controller, you cannot configure Windows-based apps on the Apps & Docs tab. In this scenario, users cannot access Windows-based apps. When users connect, StoreFront authenticates users. If users connect with Worx Home to App Controller, they have access to mobile, web, and SaaS apps only. Users who connect with Worx Home do not have access to Windows-based apps in StoreFront. Users who connect with Receiver must connect to StoreFront directly to access Windows-based apps.
  • If you disable StoreFront and disable authentication in App Controller, and you configure Windows App settings, users can access HDX apps when they connect with Worx Home and Receiver.