Citrix Workspace app for Linux 2508 - Preview

You can download Citrix Workspace app for Linux 2508 preview version from the Downloads page.

For information on installation, see Install page.

You can give the EAR feedback using the Feedback form.

Note:

This is an Early Access Build shared for the purpose of testing or validation with the intent to make organizations ready for the upcoming release and is NOT advised to be deployed in production environments.

What’s new

• Mandate end users to authenticate and access apps and desktops through native app
• Addition of DisableClientAppManagement flag
• SSO to Citrix Workspace app through cookie sharing using Credential Insertion SDK
• Ubuntu 24.04+ webkit2gtk dependency resolution
• Hardware acceleration in Browser Content Redirection
• Keyboard settings change take effect without reconnect
• Audio Quality Enhancer to improve audio performance
• Enhanced Connection Strength Indicator
• Background blur for webcam redirection using UI
• Support for H.264 hardware decoding for seamless apps
• Browser Profile Sharing in Browser Content Redirection (Tech Preview)
• Support for EDT timeout configuration
• NFC support for FIDO2 Authentication
• GACS supports Citrix Workspace app for Linux
• Enhanced file transfer capabilities for Linux clients
• PDF Universal Printing
• Smart card authentication support for desktop lock mode- Technical Preview

Mandate end users to authenticate and access apps and desktops through native app

Starting with version 2508, admins can require Linux users to access Citrix Workspace exclusively through the native app. When enabled, users who try to access the store URL or use third-party browsers are automatically redirected to the Citrix Workspace app. This ensures users benefit from all native app features and enjoy a seamless experience.

If users attempt to connect using a browser and launch the HDX engine, they are prompted to add the store to the native client for future use. This feature gives admins greater control, enhances security by keeping authentication within the native app. Also, removes the need to download ICA files.

Admins can enable this feature in Citrix Cloud. Currently, it is supported only for Cloud stores.

For more information, see Mandate end users to authenticate and access apps and desktops through native app.

SSO to Citrix Workspace app through cookie sharing using Credential Insertion SDK

Citrix Workspace app for Linux now supports SSO for cloud-based stores through cookie sharing using the Credential Insertion SDK. The new API CitrixSSOnSDK::LogonSsoCookies allows clients to inject validated cookies from identity providers like Okta into the SSO cache. This feature enables seamless desktop and app launches without requiring domain credentials, eliminating redundant login steps and improving user experience. The single authentication path strengthens security by reducing repeated credential handling and maintaining consistent authentication.

For more information, see Credential Insertion SDK documentation.

Addition of DisableClientAppManagement flag

Citrix Workspace app for Linux introduces a new configuration flag called DisableClientAppManagement. This flag allows for improved control over client app behavior.

The DisableClientAppManagement flag disables various Client App Management operations, including:

• GACS discovery calls
• Settings synchronization or retrieval related to client apps

By default, the DisableClientAppManagement flag is set to false, meaning that Client App Management operations are enabled. When set to true, the flag skips all related operations during runtime, creating a lighter or more restricted environment as needed.

This enhancement offers a configurable option to adapt the Citrix Workspace app’s behavior based on specific deployment needs or system constraints.

Ubuntu 24.04+ webkit2gtk dependency resolution

Ubuntu 24.04 (Noble Numbat) and newer versions no longer include the webkit2gtk-4.0 library in the default repositories and it is replaced with webkit2gtk-4.1.

The selfservice component of the Citrix Workspace app for Linux strictly depends on webkit2gtk-4.0. This mismatch prevents Citrix Workspace app from launching correctly on Ubuntu 24.04 and later versions.

To address this mismatch, Citrix Workspace app for Linux package now directly includes the webkit2gtk-4.0 library. This addition of the library ensures the dependency is met, allowing Citrix Workspace app for Linux to function consistently across all supported Ubuntu versions.

Hardware acceleration in Browser Content Redirection

Starting with the Citrix Workspace app for Linux 2508 version, the hardware acceleration is now enabled by default in Browser Content Redirection (BCR). This feature provides the following benefits:

• Faster graphics rendering - BCR leverages client-side GPU to delegate graphics-related tasks to the Graphics Processing Unit, delivering a more fluid and immersive user experience.

• Reduced CPU load - When the GPU handles hardware acceleration, it relieves the CPU of graphics-intensive tasks. The CPU can focus on other processes, improving overall system performance and multitasking efficiency.

• Enhanced video playbook - Hardware acceleration enables video playback to use dedicated rendering engines in modern GPUs, which process high-bitrate videos more efficiently.

This feature requires the following system requirements:

• GPU must support OpenGL version 2.0 or later, or DirectX version 9 or later

• Compatible GPUs include NVIDIA GeForce series, AMD Radeon GPUs, Intel Xe GPU Family, and similar hardware.

Keyboard settings change take effect without reconnect

Starting with this release, keyboard setting changes take effect immediately without needing to reconnect or restart the session. This enhancement allows users to modify keyboard settings within the UI and apply them in real-time during an active HDX session with Citrix Workspace app for Linux.This feature improves user experience by eliminating the need for session interruptions when adjusting keyboard configurations, enabling seamless workflow continuity.

Audio Quality Enhancer to improve audio performance

Starting with version 2508, the audio quality enhancer is enabled by default for adaptive audio.

Audio quality enhancer maintains clear audio during brief network disruptions. This feature adapts to the network conditions to ensure consistent audio performance during playback and recording.

Note:

Both adaptive audio and loss tolerant mode for audio must be enabled for this feature to work.

Enhanced Connection Strength Indicator

Starting with version 2508, Citrix Workspace app for Linux features an improved Connection Strength Indicator that provides better connectivity insights and user control. The enhanced indicator helps you monitor network performance, identify connectivity problems quickly, and take corrective action before issues impact your work.

The key improvements include the following:

• Real-time Wi-Fi strength: Instantly view your current Wi-Fi signal quality for better connectivity awareness.
• Expanded device details: Access information such as CPU, memory usage directly from the indicator.
• Proactive notifications with snooze options: Receive alerts when your connection strength drops, with the ability to temporarily snooze notifications.
• Actionable recommendations: Get clear suggestions to resolve connectivity issues when your connection strength falls below optimal levels.
• 15-minute connection history: Review a visual history of your connection strength over the past 15 minutes to assist with troubleshooting and analysis.

Background blur for webcam redirection using UI

Starting with version 2508, you can enable background blur for webcam redirection using the graphical user interface.

To enable background blur inside the session for webcam redirection, do the following:

1. Click Preferences from the Desktop Viewer. The Citrix Workspace Preferences dialog box appears.

2. Click the Webcam tab. The following dialog box appears.

   

3. Select the Enable Background Blur check box to enable background blur for webcam redirection.
4. Click OK.

Note:

The selected or deselected state of the Enable Background Blur check box is saved on the endpoint for the current VDA session.

Support for H.264 hardware decoding for seamless apps

Starting with the 2508 version, Citrix Workspace app for Linux supports H.264 hardware decoding for seamless apps, utilizing the GPU on the client device. This feature is enabled by default. To disable this feature, do the following:

1. Navigate to the $HOME/.ICAClient/wfclient.ini folder.
2. Go to the [Thinwire3.0] section.
3. Add the following entry:

OpenGLEnabled=False
<!--NeedCopy-->

Browser Profile Sharing in Browser Content Redirection (Tech Preview)

BCR now offers a streamlined user experience with the new Profile Sharing feature, enabling VDA-side authentication and cookie sharing. This enhancement eliminates redundant logins, boosting productivity by maintaining authentication and cookie persistence across BCR sessions, even after the BCR window is closed. This seamless experience further enhances security by ensuring authentication originates from the VDA, not the client. For more information, see Citrix Virtual Apps and Desktops documentation.

Requirements for Tech Preview::

• Citrix Virtual Apps and Desktops 2507
• Citrix Workspace App for Linux 2508
• Latest Browser Content Redirection Extension
• Microsoft Edge Extension
• Google Chrome Extension

Support for EDT timeout configuration

Starting with the version 2508, the configuration mechanism in Citrix Workspace app was enhanced to use the timeout setting from the VDA. This eliminates the need to configure the timeout on the client device. Additionally, the default EDT timeout was changed from 25 seconds to 10 seconds to allow for faster detection of network interruptions. For more information, see Configure EDT timeout.

NFC support for FIDO2 Authentication

Starting with the 2411 version, you can use the FIDO2‑supported NFC card for a Tap-and-Go experience, which is an end-to-end single sign-on (SSO) solution. This means that you can use an NFC card to authenticate to a Citrix store and then a pre-configured virtual desktop or virtual app will automatically open using SSO.

For more information on configuring this feature, see the following sections:

Prerequisites

Hardware requirements:

• NFC-supported FIDO2 keys. For example, Yubikey5.
• NFC-supported FIDO2 readers that are compatible with Linux clients. For example, ACR1252U-M.

Software requirements:

The following software packages are required for this feature:

• swig
• libpcsclite-devel and pcsc-lite for CentOS or RHEL
• libpcsclite-dev and pcscd for Ubuntu
• python3 and python3-pip
• Python packages: pyscard, uhid, and fido2
• Chromium browser (if Citrix Enterprise Browser is not preferred). The preferred installer for the Chromium browser is the Debian package, which can be downloaded from the Chromium downloads page. It is not recommended to install Chromium as a snap.

Note:

• Administrators can install the above packages by running the setupFIDO2Service.sh script that is located at <ICAROOT>/util/Fido2HIDBridge as a sudo user. This setupFIDO2Service.sh script is an example for Ubuntu and RHEL OS. Admins can modify this script as required for their OS configuration.
• This feature is not supported on the Ubuntu x86-64, RHEL x86-64, and ARM64 architectures.

How to enable this feature

1. Ensure that the fido2-hid-bridge.service is running, as it’s usually installed with the Citrix Workspace app. If it isn’t running, you can start it manually.

   

2. Navigate to $ICAROOT/config/AuthManConfig.xml and add the following entries:

   <key>FIDO2Enabled</key>

   <value>true</value>

   Disable Long Lived Token as well:

   <longLivedTokenSupport>false</longLivedTokenSupport>

3. If required, modify the default browser by navigating to $ICAROOT/config/AuthManConfig.xml and updating the browser settings as required. The possible values are CEB and chromium. The default value is CEB.

   <FIDO2AuthBrowser>CEB</FIDO2AuthBrowser>

4. To display the App Authenticator in full screen, add the following entry:

   <Fido2FullScreenMode>true</Fido2FullScreenMode>

   By default, the App Authenticator is displayed in the window mode.

How to use this feature

1. Add StoreURL and ResourceName in $ICAROOT/config/AuthManConfig.xml:

   <StoreURL>test.cloud.com</StoreURL>

   <ResourceName>Notepad</ResourceName>

2. Navigate to $ICAROOT/util and run nfcui.

   

3. Once the store is added, either tap or click Continue for authentication.

   

4. On the authentication page, enter the user credentials and click Face, Fingerprint, PIN, or Security key as the sign-in option.

5. Tap the NFC-supported FIDO2 key on the reader.

6. Enter the PIN for your security key, and click Next.

7. After successful authentication, click Yes on the Stay signed in? window.

8. Once authentication is completed, the configured VDA or the app is launched.

   

The application is successfully launched.

GACS supports Citrix Workspace app for Linux

Starting with the 2408 version, you can manage the Citrix Workspace app settings for user groups using the Configuration profile in Global App Configuration service (GACS). With this feature, you can manage settings for specific user groups rather than applying them to all users accessing the store.

For more information on configuring settings for configuration profile, see Manage settings for user group using configuration profile.

Enhanced file transfer capabilities for Linux clients

Previously, you were able to copy and paste files and folders only between two virtual desktops. Starting with the Citrix Workspace app for Linux version 2508, you can copy files and folders from client to VDA.

This feature is enabled by default. To disable this feature, update the following policies on the Domain Delivery Controller (DDC):

1. Set the Restrict session clipboard write policy to Enabled.
2. Ensure that the CFX_FILE isn’t added into the session clipboard write allowed formats policy.

PDF Universal Printing

Starting with the 2405 version, Citrix Workspace app for Linux supprots the PDF universal printing. You can print as PDF once you configure either or both of the following options:

1. Provide a single PDF Universal Printer created in each session.
2. Use the Universal Print Driver (UPD) for regular auto-created printers.

Prerequisites

• Citrix Workspace app for Linux version 2405 or later - Enables consumption of PDF print streams for Citrix Workspace app for Linux.
• Citrix Virtual Apps and Desktops version 2112 or later - Enables PDF universal printing for auto-created client printers.

• Enable the Client printer redirection policy (highlighted in the following image) in the Citrix Studio or web console.

  

Provide a single PDF Universal Printer created in each session

To enable creation of the PDF Universal Printer in sessions from a Linux client or any other PDF enabled client endpoint, do the following:

1. Navigate to Citrix Studio or the web console and enable the Auto-Create PDF universal printer policy.
2. Set CitrixPDFPrinterAllowed=On in the [WFClient] section in the wfclient.ini file.

Once the preceding steps are completed, the PDF universal printer is created in the session. The printer is called Citrix PDF Printer.

Use this printer in a session to generate a PDF output that delivers to the client. Also, send the PDF output to the default PDF handling application on the endpoint. For the Linux client, this PDF handling application is typically the built-in Preview application, but it could be any registered PDF handling application such as Adobe Acrobat Reader.

Use the UPD for regular auto-created printers

To enable PDF universal printing for all redirected client printers in a session, visit Citrix Studio or a web console from a Linux client. Then, configure the niversal driver preferences policy to place the PDF metafile format within the priority list.

After this configuration, the Citrix PDF Universal Driver replaces the HP Color LaserJet 2800 Series PS driver on the host for automatically created printers. The automatically created printers use a universal driver with a Linux client that can print PDFs. When using one of the auto-created printers in a session, PDF is used as the intermediate format of the print job. But the print output flows directly to the selected client-attached printer.

Smart card authentication support for desktop lock mode [Technical Preview]

Starting with this release, desktop lock mode supports smart card authentication. A new UI that matches the desktop lock interface handles smart card authentication interactions. For information on configuring smart card, see Boot to Virtual Desktop and Smart card sections in the documentation.

Note:

Features in the Technical Preview are available to use in non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for features in technical preview but welcomes feedback for improving them. Citrix might act on feedback based on its severity, criticality, and importance.

Fixed issues

• You might notice that apps become unresponsive when closing dialog windows. [CVADHELP-28893]
• The camera might freeze and flicker in Microsoft Teams optimization windows when the Citrix Workspace app toolbar is disabled and OpenGL rendering is enabled. [CVADHELP-28651]

Known issues

There are no new known issues in the release.