Jump to content
  • 3

Windows Hello for business / Hybrid AD – Azure ad joined Windows 10 client breaks SSO

Martin Gråtrud

Asked by Martin Gråtrud,

Question

Martin Gråtrud Rookie

Martin Gråtrud

Posted
Posted

Windows Hello for business / Hybrid AD – Azure ad joined Windows 10 client breaks SSO

 

Tested on:

Citrix Workspace app 1810 / Receiver 4.8

Windows 10 17763.134

 

If I install a new windows 10 client, and log on (after a boot). SSO works fine, and configuration checker comes up all green.

If I enable certificate-based Windows Hello for business for the user, SSO stops working and configuration checker complains about ssonsrv not running.

Tried playing around with the authentication provider, but no luck there.

After this there is no way making SSO work. Tried to disable WHFB, remove user profile etc, but the only ting fixing it is a total reinstall of the OS. Tried different versions of receiver etc..  (rebooted multiple times, and tried different user accounts)

 

Receiver is installed for all users. Tried on different physical and virtual machines.

 

I have also seen other reports of this.

 

Martin

SSONissues.JPG

Link to comment

2 answers to this question

Recommended Posts

  • 0
Santosh Sahu1709152162 Newbie

Santosh Sahu1709152162

Posted
Posted
On 12/12/2018 at 0:53 PM, Martin Gråtrud said:

If I enable certificate-based Windows Hello for business for the user, SSO stops working and configuration checker complains about ssonsrv not running

For windows domain passthrough authentication SsonSvr.exe needs to capture domain credentials during windows login. In case of certificate based auth it cannot capture anything. It is also possible that Windows doesn't run network providers with this auth method so Ssonsvr.exe never got a chance to run during windows logon.

 

However once the login method is back to AD username/password in windows, it should have returned to original state. Does error looks same in SSONChecker once Windows hello auth is disabled?

Link to comment
  • 0
Dmitrij Lejkin1709155074 Apprentice

Dmitrij Lejkin1709155074

Posted
Posted

Hi there,

here is the answer from Citrix Support:

 

Currently, Windows Hello is not supported for On-Prem Storefront. We have an RFE for this RFE ID-012617. 

As you can see this is not supported for now but there is a request for enhancement on this topic. 
At the moment it is not planned to be implemented in the short term but this does not mean it will not be implemented at some point in time.
For more information on this topic, we kindly ask you to keep in touch regularly with your SE.

 

Dim

 

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go to question listing

© Cloud Software Group, Inc. All rights reserved.

×
×
  • Create New...