Double-hop single sign-on authentication

The feature injects user credentials entered for accessing a StoreFront store to the AuthManager module of Citrix Workspace app for Linux and Citrix Receiver for Linux 13.10. After injection, you can use the client to access virtual desktops and applications from within a Linux virtual desktop session, without entering user credentials for a second time.

Note:

This feature is supported on Citrix Workspace app for Linux and Citrix Receiver for Linux 13.10.

To enable the feature:

  1. On the Linux VDA, install Citrix Workspace app for Linux or Citrix Receiver for Linux 13.10.

    Download the app from the Citrix download page for Citrix Workspace app or for Citrix Receiver.

    The default installation path is /opt/Citrix/ICAClient/. If you install the app to a different path, set the ICAROOT environment variable to point to the actual installation path.

  2. In the Citrix StoreFront management console, add the HTTP Basic authentication method for the target store.

    image of adding the http basic authentication

  3. Add the following key to the AuthManager configuration file ($ICAROOT/config/AuthManConfig.xml) for allowing the HTTP Basic authentication:
     <Protocols>
          <HTTPBasic>
              <Enabled>True</Enabled>
         </HTTPBasic>
     </Protocols>
    
  4. Run the following commands to install the root certificate in the specified directory.
    cp rootcert.pem $ICAROOT/keystore/cacerts/
    $ICAROOT/util/ctx_rehash  $ICAROOT/keystore/cacerts/
    
  5. Run the following command to enable the feature:
    /opt/Citrix/VDA/bin/ctxreg update -k "HKLM\System\CurrentControlSet\Control\Citrix" -v "LurSsonEnabled" -d "0x00000001"
    
  6. Launch a Linux virtual desktop session and start Citrix Workspace app for Linux or Citrix Receiver for Linux 13.10 within that session.

    You are prompted for a store account the first time you start Citrix Workspace app for Linux or Citrix Receiver for Linux 13.10 within a Linux virtual desktop session. Later on, you are automatically logged on to the store you specified earlier.

    Note:

    Enter an HTTPS URL as your store account.

    image of entering your store accout

Version

Double-hop single sign-on authentication

In this article