Citrix Workspace app for Linux - Preview
You can download Citrix Workspace app for Linux 2411 EAR version from the Downloads page.
For information on installation, see Install page.
Note:
This is an Early Access Build shared for the purpose of testing or validation with the intent to make organizations ready for the upcoming release and is NOT advised to be deployed in production environments.
What’s new
- Support for Ubuntu 2404
- NFC support for FIDO2 authentication
- Enhanced keyboard and IME diagnostics tool
- Improved audio echo cancellation support
- Noise suppression
- Audio Quality Enhancer for Adaptive Audio (Technical preview)
- Connection Strength Indicator on Desktop Viewer Toolbar
- Enhance desktop launch and screen resizing experience
- Multi-Monitor Layout Selection
- Sustainability Initiative from Citrix Workspace App
- Bidirectional content redirection
- Support for Ubuntu 2404
- HDX Direct
- Customization of Desktop Viewer Toolbar
Support for Ubuntu 2404
To support Citrix Workspace App Linux for Ubuntu 2404, backporting the webkit2gtk library is required. Follow the steps below to backport the library based on your architecture:
-
For x64 Architecture:
- Add the following entry in
/etc/apt/sources.list
: debhttp://gb.archive.ubuntu.com/ubuntu
jammy main - Install the library:
sudo apt update
sudo apt install libwebkit2gtk-4.0-dev
- Post successful installation of the library (libwebkit2gtk-4.0-dev), remove the following entry from the list:
deb
http://gb.archive.ubuntu.com/ubuntu
jammy main
- Add the following entry in
-
For arm64 Architecture:
- Add the following entry in
/etc/apt/sources.list
: deb [arch=arm64]http://ports.ubuntu.com/
jammy main multiverse universe - Install the library:
sudo apt update
sudo apt install libwebkit2gtk-4.0
- Post successful installation of the library (libwebkit2gtk-4.0-dev), remove the following entry from the list.
deb [arch=arm64]
http://ports.ubuntu.com/
jammy main multiverse universe
- Add the following entry in
Note:
If this does not work due to dependencies, install pixbuf-2.40 separately:
sudo apt install libgdk-pixbuf-2.0-0=2.40.0+dfsg-3
NFC support for FIDO2 authentication
With this release, Citrix Workspace app for Linux supports Near-field communication (NFC) authentication with FIDO2 authenticators. With this feature, you can use the NFC-supported FIDO2 keys for authenticating into cloud and on-premises stores. This feature also supports authentication within the HDX session. This feature can provide quick and easy wireless authentication when connecting to cloud and on-premises stores and for HDX sessions.
Prerequisites
Hardware requirements
- NFC-supported FIDO2 keys. For example, Yubikey5.
- NFC-supported FIDO2 readers that are compatible with Linux clients. For example, ACR1252U-M.
Software Requirements
The following software packages are required for this feature:
- swig
- libpcsclite-devel and pcsc-lite for CentOS or RHEL
- libpcsclite-dev and pcscd for Ubuntu
- python3 and python3-pip
- Python packages:
pyscard
,uhid
, andfido2
- Chromium browser (if Citrix Enterprise Browser is not preferred). The preferred installer for the Chromium browser is the Debian package, which can be downloaded from the Chromium downloads page. It is not recommended to install Chromium as a snap.
Note:
- Administrators can install the above packages by running the
setupFIDO2Service.sh
script that is located at<ICAROOT>/util/Fido2HIDBridge
as a sudo user. ThissetupFIDO2Service.sh
script is an example for Ubuntu and RHEL OS. Admins can modify this script as required for their OS configuration.- This feature is not supported on the Ubuntu x86-64, RHEL x86-64, and ARM64 architectures.
How to enable this feature
-
Ensure that the
fido2-hid-bridge.service
is running, as it’s usually installed with the Citrix Workspace app. If it isn’t running, you can start it manually. -
Navigate to
$ICAROOT/config/AuthManConfig.xml
and add the following entries:<key>FIDO2Enabled</key>
<value>true</value>
Disable Long Lived Token as well
<longLivedTokenSupport>false</longLivedTokenSupport>
-
If required, modify the default browser by navigating to
$ICAROOT/config/AuthManConfig.xml
and updating the browser settings as required. The possible values areCEB
andchromium
. The default value isCEB
.<FIDO2AuthBrowser>CEB</FIDO2AuthBrowser>
-
To display the App Authenticator in full screen, add the following entry:
<Fido2FullScreenMode>true</Fido2FullScreenMode>
By default, the App Authenticator is displayed in the window mode.
How to Use This Feature
-
Add
StoreURL
andResourceName
in$ICAROOT/config/AuthManConfig.xml
:<StoreURL>test.cloud.com</StoreURL>
<ResourceName>Notepad</ResourceName>
-
Navigate to
$ICAROOT/util
and runnfcui
. -
Once the store is added, either tap or click “Continue” for authentication.
-
On the authentication page, enter the user credentials and select the sign-in option: Face, Fingerprint, PIN, or Security key.
-
Tap the NFC-supported FIDO2 key on the reader.
-
Enter the PIN for your security key and click Next.
-
After successful authentication, click Yes on the Stay signed in? window.
-
Once authentication is completed, the configured VDA or the app is launched.
The application is successfully launched.
Enhanced keyboard and IME diagnostics tool
Starting with version 2411, a new self-service command-line tool hosted in the Windows Virtual Desktop app is supported by Citrix Workspace app for Linux to diagnose keyboard and Input Method Editor (IME) related issues. This tool meets various user requirements, provides platform versatility, and caters to personalized needs.
The keyboard and IME functions depend on different configurations and capabilities in the Virtual Delivery Agent (VDA) and Citrix Workspace app. Incorrect settings in the VDA or client-side might result in unexpected input behavior.
With this tool, you can easily identify the following issues that were previously difficult to find:
- Keyboard Layout Sync Mode Inconsistency: Checks the keyboard layout sync settings and group policies and resolves problems in sync mode configurations within a given environment.
- Client and VDA Keyboard Layout Inconsistency: Verifies if the client keyboard layout matches the VDA keyboard layout.
- Transparent Key Pass-Through from Client to VDA: Examines the windowing system, client transparent key pass-through settings, and session full-screen mode to suggest best practices.
- Keyboard Input Mode Inconsistency: Reviews the VDA policy and the selected keyboard input mode to confirm if keyboard functions operate correctly.
Prerequisites
- Citrix Workspace app for Linux 2411 or higher.
- Windows VDA 2502 or higher.
The command-line tool is hosted in Windows VDA as CtxKbImeDiagnostics.exe
. The following interfaces are available:
Interface | Description | Note |
---|---|---|
CtxKbimeDiagnostics |
Shows diagnostic results for the current user’s ICA sessions. | If the user has admin privileges, it shows diagnostics for all active ICA sessions. If the user has no admin privileges, it shows diagnostics for the current user’s ICA sessions. |
CtxKbimeDiagnostics [-v] |
Shows setting information and diagnostic results for the current user’s ICA sessions. | Admin privileges show diagnostics for all active ICA sessions. |
CtxKbimeDiagnostics [-v] [-s Session_Id] |
Shows setting information and diagnostic results for a specific session. | |
CtxKbimeDiagnostics [-s Session_Id] |
Shows diagnostic results for a specific session. | Admin privileges can query other ICA sessions. Normal users can query their own sessions. |
CtxKbimeDiagnostics [-s Session_Id] [-v] |
Shows all setting information and diagnostic results for a specific session. | Admin privileges can query other ICA sessions. Normal users can query their own sessions. |
CtxKbimeDiagnostics [-h] |
Shows supported arguments/parameters and examples. | Help interface. |
CtxKbimeDiagnostics [-V] |
Shows the current tool version. |
Improved audio echo cancellation support
Citrix Workspace app now supports the echo cancellation feature designed to enhance real-time user experiences. The echo cancellation feature supports low quality, medium quality, and adaptive audio. Citrix recommends using adaptive audio for better performance.
Starting with version 2411, the echo cancellation feature is enabled by default. During real-time user cases, it is recommended to turn on echo cancellation if the speaker is used instead of a headset.
To Disable Echo Cancellation
- Navigate to the
<ICAROOT>/config
folder and open themodule.ini
file. -
Go to the
[ClientAudio]
section and update the value of theEnableEchoCancellation
parameter as follows:EnableEchoCancellation=False
Noise suppression
With this release, Citrix Workspace app now offers improved audio redirection with enhanced noise suppression. This feature reduces background noise, ensuring clearer and more accurate speech, improving the overall communication experience.
This feature is disabled by default. To enable this feature, follow the steps below:
Enabling Noise Suppression
-
Navigate to the Preferences > Audio > Noise Suppression. The Noise Suppression screen appears.
- Select one of the options:
- None: This is the default setting and does not use or affect resource consumption.
- Low: Noise reduction is minimal and uses the least amount of resources.
- High: Noise reduction is applied at maximum intensity with the best performance and uses higher resource consumption than the Low setting.
- Click OK. The selected configuration is applied.
Note:
- Changes apply only to the current session and will reset once the session ends.
- This feature is supported only on x64 and ARM64 Linux distributions. On x64 Linux, both Low and High options are available, while on ARM64 Linux, only the Low option is available due to CPU limitations on ARM devices.
Audio Quality Enhancer for Adaptive Audio [Technical Preview]
Starting with version 2411, the Audio Quality Enhancer has been added for Adaptive Audio. This feature significantly improves audio quality, especially in scenarios with packet loss or network disruptions.
Key Features
- Intelligent Packet Loss Management: Audio Quality Enhancer effectively manages short periods of packet loss and network disruptions by intelligently reconstructing audio from previous samples, preventing noticeable degradation in quality.
- Adaptive Audio Recovery: The feature adaptively recovers lost audio packets only when needed, ensuring minimal impact on the user experience.
- Dynamic Enable/Disable: The enhancer automatically enables and disables based on sustained changes in packet loss conditions.
- Optimized Audio in All Conditions: The feature optimizes audio playback and recording quality in both good and poor network conditions.
Enabling Audio Quality Enhancer
To enable Audio Quality Enhancer, follow these steps on the client:
- Enable Adaptive Audio. For more information, see Adaptive Audio.
- Enable Loss Tolerant Mode for Audio. For more information, see Loss Tolerant Mode for Audio.
-
Edit the
module.ini
file**- Open
/opt/Citrix/ICAClient/config/module.ini
- Set the following configuration options:
PacketLossConcealmentEnabled=TRUE
EnableNetStat=TRUE
- Open
- Enable Audio Quality Enhancer on the VDA. Enable this feature on both VDA (Virtual Delivery Agent) and the Citrix Workspace app for end-to-end functionality, covering both audio playback and recording.
Disabling Audio Quality Enhancer
To disable Audio Quality Enhancer, follow these steps on the client:
-
Disable the feature.
- Edit the
module.ini
file located at/opt/Citrix/ICAClient/config/module.ini
- Set the following configuration options:
PacketLossConcealmentEnabled=FALSE
EnableNetStat=FALSE
- Edit the
-
Disable Audio Quality Enhancer on the VDA. Ensure that this feature is also disabled on the VDA to fully disable the feature across both ends.
Connection Strength Indicator on Desktop Viewer Toolbar
Starting with version 2411, Citrix Workspace app for Linux now supports the Connection Strength Indicator (CSI) on the Desktop Viewer toolbar. This feature displays a network strength icon that alerts you of network issues. You can click the indicator to view real-time connection statistics for the client and VDA, and copy diagnostic information to share with IT for advanced troubleshooting.
Benefits
- Immediate feedback: The network strength icon gently nudges users when network issues are detected.
- Enhanced troubleshooting: Real-time stats and diagnostics help users and IT teams quickly identify and resolve connectivity issues.
Prerequisites
This feature is only available when a session is opened using:
- VDA 2407 or later.
- VDA 2402 LTSR CU1 or later.
- The Supportability Virtual Channel is enabled on the client side.
This feature is enabled by default. When you open the Citrix Workspace app session, you can see the Connection icon on the Desktop Viewer toolbar.
Note:
If you are using a lower version of VDA, the Connection icon won’t be visible.
The connection strength indicator on the Desktop Viewer toolbar provides users with immediate feedback on their network connectivity and offers detailed real-time stats for enhanced troubleshooting. This feature aims to improve user experience and reduce the time spent on resolving connectivity issues.
Enhanced Desktop Launch and Screen Resizing Experience
Starting with version 2408, Citrix Workspace App for Linux ensures an improved desktop launch and resizing experience. You’ll experience a seamless, flicker-free transition to your desktop without intermediate screens. The app also eliminates dark screens and flickering during resizing or stretching, ensuring a stable and modern interface.
Note:
- The enhanced virtual desktop screen resizing experience feature is enabled by default.
- The enhanced desktop launch experience feature is enabled by default.
To Disable the Enhanced Desktop Launch Experience Feature
- Navigate to the
$HOME/.ICAClient/wfclient.ini
folder. - Go to the
[WFClient]
section. -
Add the following entry:
DesktopLaunchEnhancement=False
To Disable the Enhanced Virtual Desktop Screen Resizing Experience Feature
- Navigate to the
$HOME/.ICAClient/wfclient.ini
folder. - Go to the
[WFClient]
section. -
Add the following entry:
EnhancedResizingEnabled=False
Multi-Monitor Layout Selection
Starting with version 2411, the Multi-Monitor Selector (MMS) allows users to choose which displays to use in full-screen mode for desktop sessions only, not for seamless sessions. A new Multi-Monitor button has been added to the toolbar, which appears only when more than one screen is connected. This feature enhances the flexibility and usability of multi-monitor setups in desktop sessions, providing a more tailored and efficient user experience.
Multi-monitor layout selection feature is disabled by default. To Enable multi-monitor layout selection feature:
- Navigate to the
$HOME/.ICAClient/wfclient.ini
folder. - Navigate to
[WFClient]
section. - Add the following entry:
MultiMonitorSelectionEnabled=True
Multi-monitor menu options
The toolbar button includes three dropdown menu options for desktop sessions in full-screen mode:
-
Extend to All Displays: The session switches to full-screen mode on all connected screens.
-
Custom Layout: This option opens a custom monitor selector displaying the layout of the Linux system. Users can click on the rectangles in the selector to choose which screens to use and then click Apply. The session then uses the selected screens in full-screen mode.
-
Fullscreen: The session switches to full-screen mode on the current single display where the toolbar is located or where the button is clicked.
When a new monitor is plugged in, a notification appears for the user to make a selection. Users can check “Remember my preference” to mute this notification.
Sustainability Initiative from Citrix Workspace App
From the Citrix Workspace app 2402 version onwards, the following prompt might appear when you click Disconnect, Sign Out, or Close a virtual desktop.
Users can either Sign Out or Disconnect from the session.
Note:
By default, this feature is disabled. To enable the dialog box for end users, administrators must configure the feature.
Benefits
This feature allows organizations to encourage users to be more mindful of their energy consumption when using virtual desktops. It might help conserve energy by reminding end users to sign out of unused VMs when not required. By reducing the number of unused VMs left running, organizations can conserve energy.
Configuration to Customize the Text on the Save Energy Screen
By default, this feature is disabled. If you don’t edit the client-side configuration, the following dialog box appears to the end users.
To enable the Sustainability feature, edit the client-side configuration and add the following line to ~/.ICAClient/wfclient.ini
:
`CloseDialogVersion=1`
This means the end users won’t have an option to Sign Out. By default, you can force the end users to click Disconnect.
To use the Sustainability feature with a custom message, modify the delivery group on DDC with the following configuration:
For example:
KEYWORDS: ICA-LogOffOnClose=true ICA-PromptMessage="Signing out can help save energy. Remember to save your work. Disconnect will close the window but will keep the virtual desktop running. You can easily resume your work later."
You can even customize the leaf icon and the title on DDC with the following configuration:
For example: KEYWORDS: ICA-LogOffOnClose=true ICA-PromptMessage=”Do you want to Log off?” ICA-Title=”Log out or disconnect?” ICA-Icon=false Note: If a keyword is missing, the default value is used.
The Custom Dialog Box Message The custom dialog box message will appear as follows:
Bidirectional content redirection
Previously, Citrix Workspace app for Linux only supported bidirectional URL redirection from host to client. This feature was disabled by default.
Starting with this release, Citrix Workspace app for Linux enables client-to-host URL redirection by default, but only when the following conditions are satisfied:
- Configurable only through server-side policy (VDA 2402+ required).
- OAuth redirection is not included.
- Users must install and configure the following Chrome extension for full functionality: Browser Redirection Extension.
Configuration
- Desktop Delivery Controller (DDC) and Web Studio Configuration
- Ensure DDC release 2402 or later (or the build being tested) is used.
- If not already installed, rerun the DDC installer to add Web Studio to the DDC.
- In Web Studio, enable the “Bidirectional content redirection configuration” policy. Specify URLs to be redirected in both directions (e.g.,
https://www.citrix.com/*
for Client-to-VDA andhttps://www.cloud.com/*
for VDA-to-client). Avoid using the same URL for both directions to prevent looping. - Disable any legacy policies related to URL redirection as they are now deprecated.
- VDA Setup
- Sign in as a domain administrator.
- Install a Chromium-based browser (Chrome or Edge) on the VDA.
- Install VDA version 2402 or later.
- Run the following command: `sudo /opt/Citrix/HDX/bin/vdaredirector /regAll’
Note:
This command configures registry keys and sets up Chrome and Edge to prompt for installation of the “Browser Redirection Extension” upon first opening in a VDA session.
- Linux Client Configuration
- Install a Chromium-based browser (Chrome or Edge) on the Linux client, as required by the test case.
- Install the Linux CWA version to be tested.
-
Run the following command on the Linux client:
sudo cp /opt/Citrix/ICAClient/config/hdppkjifljbdpckfajcmlblbchhledln.json /opt/google/chrome/extensions/
- Client Network Configuration
- Edit the
/etc/hosts
file on the Linux client (as root) to add a line with the IP address and Fully Qualified Domain Name (FQDN) of the DDC, and save the changes. - Exit and relaunch CWA.
- Connecting to the DDC
- Enter the DDC store URL (e.g.,
http://<ddc-fqdn>/Citrix/Store
) into the CWA UI and click Continue. - Log in using non-admin domain credentials.
- Launch a desktop session on the VDA.
- Within the desktop session, open Chrome or Edge.
- Enable Browser Redirection Extension
- Inside the desktop session’s browser, you should be prompted to enable the Browser Redirection Extension. In Chrome, click the three dots in the upper-right corner, then select New extension added (Browser Redirection Extension).
- Click Enable Extension.
-
Edge Browser Setup. For Edge, after closing and reopening the local client browser, you will be prompted to enable the Browser Redirection Extension. Enable it when prompted.
-
Finalize Configuration. Close the local client browser, log off the desktop session, and the setup is complete.
HDX direct
When accessing Citrix-delivered resources, HDX Direct allows both internal and external client devices to establish a secure direct connection with the session host if direct communication is possible. Starting with 2411 version, this feature is enabled by default. To disable this feature, do the following:
- Navigate to the
$HOME/.ICAClient/wfclient.ini
file. - Go to the [WFClient] section and add the following entry:
DirectConnectEnabled=False
For more information, see HDX direct.
Customization of Desktop Viewer Toolbar
With the 2411 release, you have more control over the Desktop Viewer toolbar. You can customize toolbar options using the Global App Configuration service (GACS) or the .ini
file.
You can customize the following:
- Show/hide the full Desktop Viewer Toolbar for end users.
- Choose which tabs appear on the Desktop Viewer Toolbar.
Configuration
You can customize the Desktop Viewer toolbar using GACS Admin UI or the .ini
file.
Using GACS
To configure the customization of the Desktop Viewer toolbar through the GACS Admin UI, follow these steps:
-
Sign in to citrix.cloud.com with your credentials.
Refer to the Sign Up for Citrix Cloud article for step-by-step instructions on creating a Citrix Cloud account. -
Upon authentication, click the menu button on the upper left corner and select Workspace Configuration. The Workspace Configuration screen appears.
-
Click App Configuration > Citrix Workspace app.
-
Select the Linux checkbox.
-
You can now update the settings under Session Experience > Toolbar.
For more information, refer to the Global App Configuration service documentation.
Using .ini File
To configure the customization of the Desktop Viewer toolbar through the .ini
file, follow these steps:
To Hide the Toolbar:
- Navigate to the
$HOME/.ICAClient/All_Regions.ini
file. - Under the
[Client Engine\GUI]
section, findConnectionBar=
. - Set
ConnectionBar=0;
To Show the Toolbar:
- Navigate to the
$HOME/.ICAClient/All_Regions.ini
file. - Under the
[Client Engine\GUI]
section, findConnectionBar=
. - Set
ConnectionBar=*
orConnectionBar=1;
To Configure Each Button on the Toolbar:
- Navigate to the
$HOME/.ICAClient/wfclient.ini
file. - Go to the
[WFClient]
section and add the following entry as required.
For Button “Switch Desktop”:
- To show: Don’t set or
SwitchDesktopButtonVisible=True
- To hide:
SwitchDesktopButtonVisible=False
For Button “Ctrl+Alt+Del”:
- To show: Don’t set or
CtrlAltDelButtonVisible=True
- To hide:
CtrlAltDelButtonVisible=False
For Button “Devices”:
- To show: Don’t set or
DevicesButtonVisible=True
- To hide:
DevicesButtonVisible=False
For Button “Preferences”:
- To show: Don’t set or
PreferencesButtonVisible=True
- To hide:
PreferencesButtonVisible=False
For Button “Connection”:
- To show: Don’t set or
ConnectionButtonVisible=True
- To hide:
ConnectionButtonVisible=False
For Button “Multi-monitor”:
- To show: Don’t set or
MultiMonitorButtonVisible=True
- To hide:
MultiMonitorButtonVisible=False
For Button “Minimize”:
- To show: Don’t set or
MinimizeButtonVisible=True
- To hide:
MinimizeButtonVisible=False
For Button “Fullscreen / Restore”:
- To show: Don’t set or
FullscreenButtonVisible=True
- To hide:
FullscreenButtonVisible=False
For Button “Disconnect”:
- To show: Don’t set or
CloseButtonVisible=True
- To hide:
CloseButtonVisible=False
To Customize the Toolbar:
- Navigate to the
$HOME/.ICAClient/wfclient.ini
file. - Go to the
[WFClient]
section and add the following entry as required to hide options on the toolbar:DevicesButtonVisible=False
Fixed issues
- You might notice that SaaS apps fail to open and display the following error message: “curl_easy_perform() failed: SSL connect error in /var/log/citrix/ICAClient.log.” [RFLNX-10891]
- When App Protection is enabled, Microsoft Teams optimization might become unresponsive, causing issues with screen sharing. [HDX-71222]
- WebCam redirection uses additional bandwidth constraints for each resolution to ensure interactivity and image quality. [HDX-67167]
- WebCam redirection uses additional bandwidth constraints for each resolution to ensure interactivity and image quality. [HDX-67168]
- When you install Citrix Workspace app for Linux using the Debian package Manager on Ubuntu version 22.04, you get the following error: A dependency job for AppProtectionService-install.service failed. See ‘journalctl -xe’ for details. You get this error even though App Protection is successfully installed. [RFLNX-9995]
Known issues
You might encounter an installation error when installing Citrix Workspace for Linux on RHEL 9.
As a workaround, do the following steps to install successfully:
-
Run the following command to create the ‘nogroup’ group:
sudo groupadd nogroup
-
Run the following command to create the citrixlog user:
sudo useradd -g nogroup citrixlog
-
Run the following command to change the ownership of the Citrix Workspace directory:
sudo chown citrixlog:nogroup /opt/Citrix/ICAClient
-
Uninstall the previously installed Citrix Workspace app, and then reinstall it.
For more information, see Install.[RFLNX-10747]
Unable to connect Citrix Workspace app Linux to GoCloud Workspace inside LinuxVDA
After successfully authenticating to the cloud store in Citrix Workspace for Linux, you might encounter a “No Connection” error within the workspace.
Resolution
This issue may be caused by the Network Manager configuration on your machine. Specifically, if the Network Manager shows “Wired Unmanaged,” follow the steps below to resolve the issue.
- Navigate to /etc/NetworkManager.
- Edit
NetworkManager.conf
file. -
Set the managed field to true. Refer to the below screenshot:
- Create a new configuration file (10-globally-managed-devices.conf ) in this directory.
/etc/NetworkManager/conf.d
- Add Configuration to the New File and save this file. [keyfile] unmanaged-devices=*,except:type:ethernet,except:type:wifi,except:type:wwan
- Run this command:
sudo service network-manager restart
If the service is not available, use this command insteadsudo systemctl restart NetworkManager.service
After completing these steps, your network settings should be updated, and the “No Connection” issue should be resolved.