Citrix Web Interface Smart Card Authentication Error Occurred
Contents |
Developer Network (CDN) ForumsCitrix Insight ServicesCitrix ReadyCitrix Success KitsCloud Provider PackCloudBridgeCloudPlatform (powered by Apache CloudStack)CloudPortalDemo CenterDesktopPlayerEdgeSightEducationForum PrototypeHDX MonitorHDX RealTime Optimization PackHotfix Rollup PackJapanese ForumsKnowledge Center FeedbackLicensingLTSRNetScalerNetScaler E-Business configuring citrix xendesktop 7.6 and netscaler gateway 10.5 with piv smart card authentication CommunityNetScaler Gateway (Formerly Access Gateway)Profile ManagementProof of Concept KitsProvisioning ServerQuick Demo
Citrix Receiver Smart Card Authentication
ToolkitReceiver, Plug-ins, and Merchandising ServerSecure GatewayShareFileSingle Sign-On (Password Manager)SmartAuditorStoreFrontTechnology PreviewsTrial SoftwareUniversal Print ServerUser Group CommunityVDI-in-a-BoxWeb InterfaceXenAppXenClientXenDesktopXenMobileXenServer Discussions Support Forums Products Web Interface Web Interface 5.x Javascript Disabled Detected You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality. Webinterface and smartcard support for Firefox (An authentication error occurred) Started by P.G. de Haan , 19 September 2012 - 12:12 PM Login to Reply 1 reply to this topic P.G. de Haan Members #1 P.G. de Haan 6 posts Posted 19 September 2012 - 12:12 PM I am trying to support "home user devices" for Citrix Access to the Customer Environment.Internet Access is provided by Cisco ASA WebVPN. Through a SSL tunnel the Webinterface portal is forwarded in the browser. First logon the Cisco webpage requires SmartCard and PIN. Internet Explorer 8 and 9 works fine. (Multiple PIN request are required when starting citrix application) In Firefox the aetpkss1.dll is added to the security devices, so firefox can acces the smartcard, the first smartcard logon (CISCO) works fine, after that the redirection to the webinterface is started. The webinterface cannot read the smartcard. So I cannot login to the webinterface. Error: An authentication error occurred. Question: Is Firefox suppported with smartcard access through the Webinface? Configuration: XenApp 6.5 / Webinterface 5.4 Omnikey USB Smartcard Reader AET SafeSign-Identity-Client-3.0.70 Webinterface is configured as described here: http://support.citrix.com/article/CTX129096 Edited by: P.G. de Haan on Sep 19, 2012 8:12 AMEdited by: P.G. de Haan on Sep 20, 2012 3:19 AM Attached Files Capture.PNG 151.69K 0 downloads 1349-313508-1673964 Back to top Reinhard Teischl Mem
Mar 2014 | Modified:15 Apr 2016 Languages log in to start download LOGIN Don't have an account? Create one here. Or Continue As Guest Which best describes you: IT Admin Business User DOWNLOAD Objective This article describes how to Integrate Web Interface 5.3 and Access Gateway Enterprise for Pass-through Access. Requirements XenApp and Web Interface servers must be domain members XenApp XML service must be running with IIS on the XenApp farm. This is because Kerberos authentication is done by IIS on the Smart Card user’s behalf Smart Card middleware is no http://discussions.citrix.com/topic/313508-webinterface-and-smartcard-support-for-firefox-an-authentication-error-occurred/ longer needed to be installed on Web Interface or XenApp servers. This is because this process uses Kerberos for authentication Access Gateway Enterprise 9.2 Build 48.6 or later must be used Web Interface 5.4 build 51 must be used Web Interface must not be installed on a Domain Controller XenApp 4.5 and 5.0 have been tested XenApp 6.0 requires fix #242752 which is currently http://support.citrix.com/article/CTX124603 available in XA600W2K8R2X64R02, CTX133882 ‑Hotfix Rollup Pack 2 for Citrix XenApp 6 for Microsoft Windows Server 2008 R2 (Included in XenApp 6.5) Active Directory domain functional level must be 2003, 2008 or 2008 R2 Instructions Complete the following procedures accordingly: Active Directory Configuration Complete the following steps to configure Active Directory: Configure Delegation for XenApp and Web Interface servers. Web Interface must delegate http service to all XML servers. The XenApp server must delegate http and host service to themselves plus host and http service to all XenApp servers. Each XenApp server must also delegate CIFS and LDAP services to the Domain Controllers. Note: The examples of Constrained Delegation, as demonstrated above, are meant to be examples of the minimum configuration required to allow logging on. If a Published Desktop or Published Application uses other resources not on the XenApp server itself (for example, CIFS file shares, SQL, DCOM) additional configuration might be required. Any server hosting that resource must be configured to allow for the XenApp server to access the resource. The correct Service Principal Names (SPN) must be configured for those resources. Web Interface Configura
for Help Receive Real-Time Help Create a Freelance Project Hire for a Full Time Job Ways to Get Help Ask a Question Ask for Help Receive Real-Time Help Create a Freelance Project Hire for a Full Time Job Ways to Get Help Expand https://www.experts-exchange.com/questions/24284353/Smart-Card-Logon-An-authentication-error-has-occurred.html Search Submit Close Search Login Join Today Products BackProducts Gigs Live Careers Vendor Services http://www.jasonsamuel.com/2012/01/05/how-to-fix-pass-through-authentication-the-windows-2008-logon-screen-on-xenapp-6-5web-interface-5-4-using-citrix-receiver/ Groups Website Testing Store Headlines Experts Exchange > Questions > Smart Card Logon - An authentication error has occurred Want to Advertise Here? Solved Smart Card Logon - An authentication error has occurred Posted on 2009-04-01 Citrix Microsoft IIS Web Server 1 Verified Solution 2 Comments 2,282 Views Last Modified: 2012-05-06 Okay, heres the situation I need some smart card guidance with. I replaced our Citrix servers with new servers and built the new Citrix set-up from scratch. I have 1 Web Interface 4.5, 1 Secure Gateway 3.1, and 1 Presentation Server 4.5. It is setup for smart card logon, and if you go to the WI website from a domain computer at work, you get right in. However, if you logon on from a domain computer at work with local credentials or smart card authentication a computer outside of the network you get the following error, An authentication error has occurred. Please contact your administrator. Log ID:. The event log shows this error: "A logon attempt has been made by an authenticated user. If this problem persists, attempt a repair of the site using the Access Management Console Explicit logon with username and PW works fine. IIS is set to "Negotiate,NTLM" What am I forgetting to set? Thanks for any help offered. 0 Question by:DanaWilliams Facebook Twitter LinkedIn Google Best Solution byDanaWilliams The fix was in IIS on the Web Interface. Go to properties on the Web Sites folder, go to the Directory Security tab, under Secure communications, check Enable the Windows directory service mapper. Go to Solution 2 Comments LVL 22 Overall: Level 22 Microsoft IIS Web Server 16 Message Expert Comment by:cj_19692009-04-02 If this works for a user loged into a machine using a domain account and not using a local account then the implication is that CITRIX is doing pass-through authentication and grabbing the credentials of the logged in user. Apparently you have access enabled for domain users. The same would hold true for the machines outside of the network ... the user accounts that the users are logged in with will not be domain accounts. I pres
screen on XenApp 6.5/Web Interface 5.4 using Citrix ReceiverBy Jason Samuel on January 5, 2012 8 sharesShare Tweet Share Share 28 commentsWhen you launch Internet Explorer and open your Citrix web interface page, you want it to pass through the user's credentials and see all the available apps. When the user clicks on an app, it should launch immediately with no further prompts. Plain and simple.But this is not always the case unfortunately. Sometimes pass-through authentication breaks. Symptoms I have seen are:1. You get prompted for credentials at the Web Interface logon (an authentication error occurred error message) like this:2. Passthrough at the web interface works fine but when launching an app, you get a Windows 2008 R2 logon screen from the XenApp server like this: 3. You get a combination of both issues above.Don't worry, there are a number of things you need to check that can resolve these issues for you. One or more of these factors may be the cause of errors in your environment. Just run through the bullet points below and verify everything:1. You need to be using Citrix Receiver Enterprise if possible and not just the plain Citrix Receiver. The latest Citrix Receiver is 3.1 but 3.0 behaves the same way. It comes with Online Plugin 13.1.0.89 enabled out of the box. You can go to the "Receiver for Windows 3.1 - Admins" download page here:https://www.citrix.com/English/ss/downloads/details.asp?downloadId=2319945&productId=1689163You will need to download the 55.1 MB zip file. Inside you will see both "CitrixReceiver.exe" and "CitrixReceiverEnterprise.exe". The one you want to install is the Enterprise version. This version will install with pass-through authentication support automatically for you as well as Single Sign On (SSO). You can always install and enable SSO with the standard Receiver using the "/includeSSON" and "ENABLE_SSON=Yes" command line switches and this actually will give you pass-through authentication features (more on this in bullet point 7 below). Receiver Enteprise will require administrator access to install on PCs unlike the standard/regular Citrix Receiver. The difference between the two versions is described here:http://support.citrix.com/proddocs/topic/receiver-31-windows/ica-clients