Forum Discussion

Sander_-_Portaa's avatar
Sander_-_Portaa
Icon for Nimbostratus rankNimbostratus
Oct 27, 2015

Citrix VDI, SSO credential caching issue - 11.5.1 build 7.0.167

Hi All,

 

I would like some adive on the following. We publish our storefront server behind F5 APM. A user logs on to a custom logon page, credentials are cached, and used for SSO into the citrix environment. So far no problems here.

 

Issue:

 

A user logon on from an available thin client. After a while, the user leaves this desk, for a few hours. The flex working principals, say any other user can use that desk and thin client after say 30 minutes. Citrix expires the storefront session after 3 minutes. It displays that the session has timed-out, and the user needs to logon again. After clicking the logon button, the cached credentials from the previous user are beiing used. this poses a security threat.

 

Is there a way to expire the session credentials after a certain amount of time? Any other suggestions are welcom to solve this,

 

thanks Sander

 

APM
deployment
management
security

3 Replies

Sort By
  • Michael_Koyfma1's avatar
    Michael_Koyfma1
    Icon for Cirrus rankCirrus
    Oct 27, 2015

    It sounds like your APM session is not timing out. Change the access policy inactivity timeout to be 3 mins and the policy should terminate and ask the user to authenticate again.

     

  • Sander_-_Portaa's avatar
    Sander_-_Portaa
    Icon for Nimbostratus rankNimbostratus
    Oct 27, 2015

    HI Michael,

     

    Changed the setting to 30 secs just to test, no luck. Store front page is still displayed, and when pressing the logon button, storefront uses the SSO data to sign in again.

     

    thanks Sander

     

    • Michael_Koyfma1's avatar
      Michael_Koyfma1
      Icon for Cirrus rankCirrus
      Oct 27, 2015
      In that case, you might want to open a support case to investigate - idle timeout in the APM policy should terminate your session and prevent this from happening - so it is most likely a misconfiguration somewhere. Also, as a side note, you are running a pretty old version of code. For Citrix deployments in general, we currently highly recommend 11.6.0 HF5 or higher.