Product Documentation

XML service-based authentication

Jun 10, 2015

When StoreFront is not in the same domain as XenApp or XenDesktop, and it is not possible to put Active Directory trusts in place, you can configure StoreFront to use the XenApp and XenDesktop XML Service to authenticate the user name and password credentials. A user explicitly provides a user name and password.  

Enable XML service-based authentication

  1. Running as an Administrator, open a PowerShell window and load the StoreFront modules and snap-ins.
    & "$Env:PROGRAMFILES\Citrix\Receiver StoreFront\Scripts\ImportModules.ps1"
  2.  Assuming StoreFront is deployed to IIS site:1 with virtual path /Citrix/Authentication, enable the feature in  the Authentication Service:
    Set-DSXmlServiceAuthentication -SiteId 1 -VirtualPath /Citrix/Authentication
  3. Enable XML service-based authentication on all associated stores. For example, where /Citrix/Store is the virtual path of the store:
    Set-DSXmlServiceAuthentication -SiteId 1 -VirtualPath /Citrix/Store
  4. Create farmset to configure the data collectors/brokers where authentication will occur. See the example below.
  5. Configure XML service-based authentication to use the farmset.
    Update-DSFarmSet -IISSiteId 1 -VirtualPath "/Citrix/Authentication" -Farmset $FarmSet
Example: Copy

$Farm = @{

              FarmName = "Farm"
              Port = "443"
              SSLRelayPort = 443
              TransportType = "HTTPS"
              LoadBalance = $false
              AllFailedBypassDuration = 5
              Servers = @("server1", “server2”)
              Platform = @{

                             FarmType = "XenApp"
                             Caption = "Caption"
                             DisplayName = "Authentication Farm"



$FarmSet = @{

               Name = "Default"
               Farms = @( $Farm )


Disable XML service-based authentication

  1. To disable this feature and to restore the default behavior, use the following PowerShell cmdlet for the Authentication Service:
    Set-DSDefaultAuthentication -SiteId 1 -VirtualPath /Citrix/Authentication

  2. To disable all associated stores.
    Set-DSDefaultAuthentication -SiteId 1 -VirtualPath /Citrix/Store