Citrix XenApp Configuration
ActivClient is designed to support smart cards in a Citrix XenApp deployment. However, there is no specific ActivClient configuration required for Citrix deployments.
Citrix provides a large set of documentation about XenApp configuration for smart card deployments. This section provides pointers to these Citrix documents and configuration recommendations. For the latest up-to-date documentation, go to the official Citrix web site.
To decide which Citrix client is needed for your deployment, see http://support.citrix.com/proddocs/topic/online-plugin-112-windows/ica-clients-deciding-v2.html. The Citrix Online plug-in is recommended for smart card services.
To configure Citrix Web Interface with smart card authentication, see http://support.citrix.com/proddocs/topic/web-interface-impington/wi-authenticate-wrapper-gransden.html. Choose Smart card or Pass-through with smart card depending on your configuration.
This document also includes the following authentication recommendations:
If you plan to enable pass-through, pass-through with smart card, or smart card authentication, be aware of the following:
-
If users log on to their computers using smart cards and you want to enable pass-through authentication, select the option to use Kerberos authentication.
-
If users log on to their computers using explicit credentials, do not enable smart card or pass-through with smart card authentication for those users to access the Web Interface.
To enable smart card authentication for Web Interface, see http://support.citrix.com/proddocs/topic/web-interface-impington/wi-enable-smart-card-authentication-gransden.html.
As you configure Microsoft Windows for the smart card removal behavior, you also need to configure the smart card removal behavior for Citrix sessions. To enable smart card authentication for XenApp Services sites:
-
From the Windows Start menu, point to All Programs, Citrix, Management Consoles and then select Citrix Web Interface Management.
-
In the left pane of the Citrix Web Interface Management console, click XenApp Services Sites and select your site in the results pane.
-
In the Action pane, click Authentication Methods and select the Smart card or Pass-through with smart card option, as appropriate.
-
Click Properties and select Roaming.
-
To configure the behavior of the Web Interface when a smart card is removed, select Enable roaming and choose one of the following options:
-
To disconnect a user’s session when the smart card is removed, select Disconnect sessions when smart card removed.
-
To log off a user’s session when the smart card is removed, select Log off sessions when smart card removed.
-
-
If you enabled pass-through with smart card authentication and you want to use Kerberos authentication between the plug-in and the XenApp Services site, click Kerberos Authentication and select the Use Kerberos to authenticate to the XenApp Services site option.
Citrix Related Registry Values
Reader List Polling Period
Description: This registry determines how often ActivClient checks for reader plugging/ unplugging in an RDP or Citrix session.
Default Values: 30000 milliseconds
Registry Key: ReaderListPollingPeriod
Comments:
The DWORD value indicates how often ActivClient checks for reader plugging/ unplugging in an RDP or Citrix session using calls to Microsoft Smart Card Service (SCardSvr). For slow networks (such as UMTS or satellite connection) where such calls may take several hundred milliseconds, you may want to increase ReaderListPollingPeriod to higher values. Set this value in milliseconds.
Registry Path:
HKEY_LOCAL_MACHINE\SOFTWARE\HID Global\SnapIns\EventService\EventsMonitoring\SCard
