Citrix XenApp iApp APM with Storefront - Cross Access Profile SSO

Question

We've deployed the XenApp iApp in the configuration using APM to send traffic to Storefront. When deploying the iApp, I allowed it to create the APM access profile. I have since noticed that SSO between our Webtop AP and our Citrix AP doesn't appear to be working. &nbsp;
The Access Profile SSO Domain Cookie has the same value across both Access Profiles (ex. company.com), but when clicking the Storefront link (Webtop Link - Application URI ex. storefront.company.com) from the webtop, you are redirected to the F5 login page for the Storefront Access Profile.&nbsp;
Has anyone else seen this behavior? Any ideas how to get SSO from the webtop into the Storefront AP working?&nbsp;
I've also noticed that if I log into Storefront first, and open a new browser tab to the webtop, I immediately get a Connection Reset message.&nbsp;

fred_slater_856 · Answer

Which iapp template did you deploy? The latest release is f5.citrix_vdi.v2.2.0.&nbsp;

greg_crosby_319 · Answer

Can you elaborate a little more on your setup? Cross access profile - do you mean cross domain support or maybe you are using multiple APM's/APM policies?

nifford · Answer

We deployed f5.citrix_vdi.v2.1.0, the latest available at that time. If it also helps, we're running Big-IP 11.5.3HF2.

nifford · Answer

SSO between different Access Profiles on the same APM instance. So when you log into the webtop and are authenticated through the webtop access profile, you don't have to log in again when clicking the storefront link which sends you to the storefront access profile.

And when I reference domain, the base fqdn (company.com) is what's specified for the Domain Cookie value on each Access Profile.

greg_crosby_319 · Answer

I would verify the same SSO is being used throughout the configuration, if not your policies might be using the wrong cached session variables.I would suggest opening a support ticket, probably the fastest route to a solution as the configuration sounds like it has deviated from an access policy the iApp produces.

Forum Discussion

Citrix XenApp iApp APM with Storefront - Cross Access Profile SSO

5 Replies

Recent Discussions

About custome Response Blocking Page

Office Online Server with SharePoint 2016

health monitor source IP address

How to target only webview rendering with CSS?

ltm policy asm_auto_l7_policy

Related Content

Security First, Performance Always: How F5 Drives Citrix VDI Excellence in Application Delivery

Resolve Citrix Secure Ticket Authority (STA)

F5 StoreFront XML Broker Monitor

APM Citrix Client Bundle for StoreFront 2.6 HTML5 Receiver

Extract Citrix Secure Ticket Authority (STA)