When using the Citrix Receiver in combination with the Citrix Web Interface and Pass-through authentication, in some scenarios the following screen pops-up and Pass-through is not functioning correctly:
To get Pass-through working correctly, the following settings must be set.
This can be done using a Group Policy Object, or locally using the Local Computer Policy.
In this example I am going to use the Local Computer Policy.
| Install the Citrix Receiver Enterprise using the command line: | CitrixReceiverEnterprise.exe /silent /includeSSON ADDLOCAL=”ReceiverInside,ICA_Client,AM,SELFSERVICE, SSON,USB,DesktopViewer,Flash,PN_Agent,Vd3d” SERVER_LOCATION= https://server/Citrix/PNagent/config.xml ENABLE_SSON=”YES” |
| Open GPedit.mscExpand Computer Configuration, Administrative Templates |
|
| Right-click on Administrative TemplatesSelect Add/Remove Templates… |
|
| Click on Add |
|
| Open C:\Program Files (x86)\Citrix\ICA Client\Configuration\icaclient.adm |  |
| Click on Close |
|
| Expand Computer Configuration, Administrative Templates, Classic Administrative Templates, Citrix Components, Citrix Receiver |
|
| Expand User Authentication |  |
| Open Kerberos authentication |
|
| Change the following values: Check Enabled Click Ok |
 |
| Open Local User name and password |
|
| Change the following values:Check Enabled Check Enable pass-through authentication Check Allow pass-through authentication Click Ok |
 |
| Open Web Interface authentication ticket |
|
| Change the following values: Check Enabled Check Legacy ticket handling Check Web Interface 4.5 and above Click Ok |
 |
| If you use a Smart card for pass-through authentication, open Smart card authentication
Check Enabled Check Allow smart card authentication Check Use pass-through authentication for PIN Click Ok |
 |
| The next step is to set the Web Interface as trusted site | |
| In GPedit.msc expandWindows Components/Internet Explorer/Internet Control Panel/Security Page |
|
| Open Site to Zone Assignment List
Check Enabled Click Show Under Value Name add the address of the web interface siteUnder Value add the value 2 Value 2 represents the Local Intranet zone, this zone has the correct privileges for pass-through authentication. Click Ok Click Ok |
 |
| The next step is to check if Pass-through is enabled on the XenApp web site. | |
| Open the Citrix Web Interface Management Console Click XenApp Web Sites Click Authentication Methods Make sure that Pass-through is selected. |
  |
| Now you can test the pass-through functionality by opening the Web Interface website. |
Can’t get the solution to work? Contact me and let me do the trick.
4 thoughts on “Enabling Pass-through authentication for the Citrix Web Interface”
Good blog with some fascinating information. I’ll be back.
Stumbled into this website by chance but I’m sure glad I clicked on that link. You genuinely answered all of the queries I’ve been dying to answer for some time now. Will actually come back for more of this. Thank you so much
Very nice and detailed information given above. But hey, you didn’t mentioned the version!