To configure smart card support in Citrix Workspace app for Linux, you must configure StoreFront server through the StoreFront console.
Citrix Workspace app supports smart card readers that are compatible with PCSC-Lite and PKCS#11 drivers appropriately. By default, Citrix Workspace app now locates
opensc-pkcs11.so in one of the standard locations.
Citrix Workspace app can find
opensc-pkcs11.so in a non-standard location or another
PKCS\#11 driver. You can store the respective location using the procedure below:
- Locate the configuration file:
Locate the line <key>PKCS11module</key> and add the driver location to the <value> element immediately following the line.
If you enter a file name for the driver location, Citrix Workspace app navigates to that file in the
$ICAROOT/PKCS\ #11directory. Alternatively, you can use an absolute path beginning with “/.”
After you remove a smart card, configure the behavior of Citrix Workspace app by updating the
SmartCardRemovalAction in the configuration file using the following steps:
- Locate the configuration file:
- Locate the line <key>SmartCardRemovalAction</key> and add
forcelogoffto the <value> element immediately following the line.
The default behavior is
noaction. No action is taken to clear credentials stored and tokens generated on removal of the smart card. The
forcelogoff action clears all credentials and tokens within StoreFront on removal of the smart card.
Enabling smart card support
Citrix Workspace app supports various smart card readers if smart card is enabled on both server and Citrix Workspace app.
You can use smart cards for the following purposes:
- Smart card logon authentication - Authenticates you to Citrix Virtual Apps servers.
- Smart card application support - Enables smart card-aware published applications to access the local smart card devices.
Smart card data is security sensitive and should be transmitted over a secure authenticated channel, such as TLS.
Smart card support has the following prerequisites:
- Your smart card readers and published applications must be PC/SC industry standard compliant.
- Install the appropriate driver for your smart card.
- Install the PC/SC Lite package.
- Install and run the
pcscdDaemon, which provides middleware to access the smart card using PC/SC.
- On a 64-bit system, both 64-bit and 32-bit versions of the “libpscslite1” package must be present.
If you are using the SunRay terminal with SunRay server software Version 2.0 or later, install the PC/SC SRCOM bypass package, available for download from
For more information about configuring smart card support on your servers, see Smart cards in Citrix Virtual Apps and Desktops documentation.
Support for multi-factor (nFactor) authentication
Multi-factor authentication enhances the security of an application by requiring users to provide multiple proofs of identify to gain access. Multi-factor authentication makes authentication steps and the associated credential collection forms completely configurable by the administrator.
Native Citrix Workspace app supports this protocol by building on the Forms logon support already implemented for StoreFront. The web logon page for Citrix Gateway and Traffic Manager virtual servers also consume this protocol.