Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

f5.citrix_vdi.v1.1.0rc5 SSO not working against WI 5.4

When using vdi.v1.1.0rc4 and rc5 and using Citrix WI 5.4 as web interface it ends up in an empty page. When using the Citrix iApp xendesktop_xenapp 2012-06-27 it works.

I have confirmed it to be a problem in the SSO configuration of the vdi.v1.1.0rc4 and rc5. When configuring the "citrix_sso" from the 2012-06-27 iApp to be used also for vdi.v1.1.0rc5 iApp - it works.

So the new Forms-CLient Initiated SSO config "Citrix_int_rc5_apm_sso_form_basedv2" from the vdi.v1.1.0rc5 does not work against my WI 5.4.

Anybody else see this?

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

I am able to log in and see published applications when using RC5 on 11.4.1. I am using WI server 5.4 with xenapp 6.5. Can you verify your SSO has the following settings: Image Text Where "xen" is your domain.Image TextImage TextImage Text

Also, what version of TMOS are you running?

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Image TextHi Greg, I am using version 11.4.1 HF2. I have checked the settings and everything looks the same as you except for the "form parameters" where the "domain" field was not checked, meaning not active. But even if I activate it (which I already did when configuring the iApp), it still only show the background of the WI. I don't get an error from the WI - it only show the background as in the picture attached.

And as I said as soon as I change the SSO to the "old" SSO config - it just works.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hello Greg,

I am still struggling to solve this problem. I am now on 11.5 on the BigIP. I have not tested the latest rc of the VDI iapp though. Reading the release notes indicates nothing has changed regarding the SSO anyway?

Even if I can use the "old" SSO, I have discovered another problem when using the older SSO: When the WI times out or when you actively logs out of the WI manually, and you then manually logs on to the WI - I get a session error from the WI: "There is a problem with your session.".

That error is most likely a cookie error between the APM and the WI. Also when disabling the SSO all together against the WI - the "Session error" never occurs. When searching for an answer to this problem I have seen this post: http://blogs.technet.com/b/edgeaccessblog/archive/2010/03/25/how-to-publish-citrix-xenapp-5-x-with-uag-2010.aspx

So it does seem it is something that needs to be done "cookie" wise to get this to work?

And since I am not able to get the new forms-client based SSO included in the new VDI iapp to work, I can't say if that SSO produces the same result reagrding the "Session error"...

Grrr.. Very frustrating problem...

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

I would suggest opening a case in regards to the SSO troubles, it will be easier to trouble shoot with captures and configurations. For the session disconnects after users log out, look to see if question "Should the iApp remove the APM session when users log out of the Web Interface servers?" within the iApp is set to yes, and if so set it to no.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Thanks for the answer Greg.

However, I am aware of the "logout" thing that also kills the ICA session - that is not the problem I have. Anyway, I did find the reason why I got the "Session error" for the WI. The default SSO for the iapp 2012-06-27 (not the VDI rc5), did have a form setting of "Pass through" that was not enabled. That setting apparently does a pass through of the cookies to the client. When enabling that on the SSO - it works as expected.

Furthermore, that setting doesn't appear to be present in the new "Forms initiated" SSO included in the VDI rc5 iapp? But then again - I haven't had that SSO working as I said above, so I can't say if that SSO exhibits the same error...

I will stick to the old iapp and its' SSO config for the time being.

0
Comments on this Answer
Comment made 27-May-2014 by brad 375
Hello- I think I'm having exactly the same problem. I have used the iApp and I end up on a blank page the URL says it is /auth/login.aspx. Have you found a resolution to this?? I'm on 11.4.1, iApp template citrix_vdi.v1.1.0. When you say you are using the 'old' one, is that to say you are using an older iApp and that one works for you? Thanks for any help you can provide!
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

may have fixed this myself. The blank page was also a java error. The error was in the line defining the domain. i DELETED that form parameter so it only had the user and password.

it worked..

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Try Access Policy ->> Application Access ->> Remote Desktop -> profile and edit Username Source to session.logon.last.logonname

0