Product Documentation

Installing the Single Sign-on Plug-in

Apr 15, 2011

The Single Sign-on Plug-in runs on the XenApp server and provides credentials and access to published applications. The plug-in also runs on each user device, providing credentials, access to applications running locally on the device, and the ability to control Single Sign-on operations.

Note: When you use this version of the plug-in on XenApp to publish applications enabled for Single Sign-on, user devices should also have the plug-in installed. If the user device does not have the plug-in installed, Single Sign-on will automatically submit credentials to applications published with XenApp, but the user will be unable to edit, delete, or reveal password information, pause or resume Single Sign-on, determine whether Single Sign-on is paused, or submit passwords manually.
Installation considerations:
  • Installing this version of the Single Sign-on Plug-in on a user device upgrades a 4.8 version.
  • After installing the plug-in on a supported operating system that uses the Microsoft Graphical Identification and Authentication (GINA) Windows component, you must restart the device. Ths includes Windows XP, Microsoft Windows XP Embedded, Microsoft Windows Fundamentals for Legacy PCs, Microsoft Windows Server 2003 R2, and Microsoft Windows Server 2003 with Service Pack 2.

    WinLogon uses the GINA controls for the dialog box that users see when they press the key combination CTRL+ALT+DEL. The dialog box collects the data needed to perform authentication. XenApp, the Single Sign-on Plug-in, and the Novell NetWare client interact with or require the replacement of the GINA dynamic link library (DLL). You might be required to install or uninstall software in a specific order to preserve proper GINA chaining. By installing the Single Sign-on Plug-in last, you ensure that the Single Sign-on GINA is called first by the Winlogon process.

  • After the installation completes (and the device restarts, if needed), the Citrix Receiver icon appears in the system tray.
  • After installing the plug-in, if you configure or change Citrix licensing information, restart the plug-in to apply the changes.

To install the Single Sign-on Plug-in on a server when you install XenApp (wizard-based)

  1. Follow the instructions in Installing XenApp Using the Wizard-Based Server Role Manager. From the Optional Components list, select Single Sign-on Plug-in.
  2. When configuring XenApp using the wizard-based Server Configuration Tool, you are prompted to select the type of central store: Microsoft Active Directory (default) or NTFS Network Share and its path.

To install the Single Sign-on Plug-in on a server when you install XenApp (command-line)

  1. Follow the instructions in Installing XenApp from the Command Line. Include the SSONAgentFeature option (/install:XenApp,SSONAgentFeature).
  2. When configuring XenApp from the command line, you can include the /SSOPluginUncPath:path option to specify the UNC path to the NTFS network share central store. If you omit this option, Active Directory is assumed.

To install the Single Sign-on Plug-in on a user device or on a server with XenApp installed

  1. Load the XenApp media on the computer or server.
  2. From the Autorun menu, select Manually install components > Server Components > Additional Features > Single Sign-on > Single Sign-on Plug-in.
  3. Follow the instructions. You are prompted to select the type of central store and the components to install (such as language packs, Self-Service, and data integrity).

To install the Single Sign-on Plug-in on a user device using Merchandising Server

Follow the procedures for downloading or delivering plug-ins in the Merchandising Server documentation.

Icon Consolidation in the Microsoft Windows Notification Area

When using this version of the Single Sign-on Plug-in for all XenApp sessions and on each user device, the Microsoft Windows notification area on each user device contains only one Receiver icon, with an integrated Single Sign-on menu that consolidates all sessions.

However, if either XenApp or the user device uses an earlier plug-in version, the Windows notification area can also contain Single Sign-on icons. The following table illustrates several scenarios.
User device XenApp server Windows Notification area Passwords menu available from Receiver icon?
Citrix Receiver Single Sign-on Plug-in Citrix Receiver Single Sign-on Plug-in
Current * 5.0 Current 5.0 One Receiver icon Yes
Current - Current 5.0 One Receiver icon No
Current 5.0 - 4.8 One Receiver icon and one Single Sign-on icon for each connected XenApp session. ** Yes
Current 4.8 Current 5.0 One Receiver icon and one single Sign-on icon No
Current 4.8 Current 4.8 One Receiver icon and one Single Sign-on icon, plus one Single Sign-on icon for each connected XenApp session. ** No
Earlier online plug-in 4.8 Current 5.0 One Single Sign-on icon and one online plug-in icon No

* Current = Receiver for Windows, which contains the Online Plug-in

** If the XenApp servers are running an earlier version of the Single Sign-on plug-in, and the current Receiver is installed on the user device (regardless of whether any Single Sign-on plug-in is installed on the user device), the Windows notification area on the user device will contain a Single Sign-on icon for each of those XenApp servers (running the earlier plug-in version) to which it is connected.