Linux Virtual Delivery Agent

Double-hop single sign-on authentication

User credentials for accessing a StoreFront store can be injected to the AuthManager module of Citrix Workspace app for Linux and Citrix Receiver for Linux 13.10. After injection, you can use the client to access virtual desktops and applications from within a Linux virtual desktop session, without entering user credentials for a second time.

Note:

This feature is supported on Citrix Workspace app for Linux and Citrix Receiver for Linux 13.10.

To enable the feature:

  1. On the Linux VDA, install Citrix Workspace app for Linux or Citrix Receiver for Linux 13.10.

    Download the app from the Citrix download page for Citrix Workspace app or for Citrix Receiver.

    The default installation path is /opt/Citrix/ICAClient/. If you install the app to a different path, set the ICAROOT environment variable to point to the actual installation path.

  2. In the Citrix StoreFront management console, add the HTTP Basic authentication method for the target store.

    Adding the HTTP basic authentication

  3. Add the following key to the AuthManager configuration file ($ICAROOT/config/AuthManConfig.xml) for allowing the HTTP Basic authentication:

     <Protocols>
          <HTTPBasic>
              <Enabled>True</Enabled>
         </HTTPBasic>
     </Protocols>
     <!--NeedCopy-->
    
  4. Run the following commands to install the root certificate in the specified directory.

    cp rootcert.pem $ICAROOT/keystore/cacerts/
    $ICAROOT/util/ctx_rehash  $ICAROOT/keystore/cacerts/
    <!--NeedCopy-->
    
  5. Run the following command to enable the feature:

    /opt/Citrix/VDA/bin/ctxreg update -k "HKLM\System\CurrentControlSet\Control\Citrix" -v "LurSsonEnabled" -d "0x00000001"
    <!--NeedCopy-->
    
  6. Launch a Linux virtual desktop session and start Citrix Workspace app for Linux or Citrix Receiver for Linux 13.10 within that session.

    You are prompted for a store account when you start the Citrix Workspace app for the first time. Later on, you are logged on to the store you specified earlier automatically.

    Note:

    Enter an HTTPS URL as your store account.

    Entering your store account

Double-hop single sign-on authentication