Configure smart card authentication for Web Interface 5.4

Jun 04, 2018

If Citrix Workspace app for Windows is installed with a SSON component, pass-through authentication is enabled by default even if the PIN pass-through for smart card is not enabled on the XenApp PNAgent site; the pass-through setting for authentication methods will no longer be effective. The screen below illustrates how to enable smart card as the authentication method when Citrix Workspace app is properly configured with SSON.

See How to Manually install and configure Citrix Workspace for Pass-through Authentication for more information.

Use the smart card removal policy to control the behavior for smart card removal when a user authenticates to the Citrix Web Interface 5.4 PNAgent site.

When this policy is enabled, the user is logged off from the Citrix Virtual Apps session if the smart card is removed from the client device. However, the user is still logged in to the Citrix Workspace app.

For this policy to take effect, the smart card removal policy must set in Web Interface XenApp Services site. The settings can be found on Web Interface 5.4, XenApp Services Site > Pass-through with smart card > Enable Roaming > Logoff the sessions when smart card removed.

When the smart card removal policy is disabled, the user’s Citrix Virtual Apps session is disconnected if the smart card is removed from the client device; smart card removal on the Web Interface XenApp Services site does not have any effect.

Note

There are separate policies for 32bit and 64bit clients. For 32bit devices, the policy name is Smartcard Removal Policy (32Bit machine) and for 64bit devices, the policy name is Smartcard Removal Policy (64Bit machine).

alt_text

Smart card support and removal changes

Consider the following when connecting to a XenApp 6.5 PNAgent site:

  • Smart card login is supported for PNAgent site logins.
  • The smart card removal policy has changed on the PNAgent Site:

A Citrix Virtual Apps session is logged off when the smart card is removed – if the PNAgent site is configured with smart card as the authentication method, the corresponding policy has to be configured on Citrix Workspace app for Windows to enforce the Citrix Virtual Apps session for logoff. Enable roaming for smart card authentication on the XenApp PNAgent site and enable the smart card removal policy, which logs off Citrix Virtual Apps from the Citrix Workspace app session; the user is still logged into the Citrix Workspace app session.

Limitation

When a user logs in to the PNAgent site using smart card authentication, the username is displayed as Logged On.

Configure smart card authentication for Web Interface 5.4