Jump to content
Welcome to our new Citrix community!

SAML > NetScaler > Storefront > XA7.15 DDC/VDA - 'Kerberos Delegation', "There are no apps or..." or no FAS SSO

Recommended Posts

Hello - I'm hoping this is a novice issue and someone can assist me understand why "Configure Store Settings"  / "Kerberos Delegation" / "Disable Kerberos Delegation" permits my logons via my NetScaler to all published apps and desktops, and launch them, but without the SSO services of FAS?


I have 2 NetScaler VPX 450010.   My main setup runs with Storefront 3.12 and the v.7.15 Broker on separate VMs.   Via a NetIQ SAML IDP service and FAS logon, SSO thru to the app is fine.


My 'DR' setup has the Storefront and Broker on the same VM (WS16), and has a dedicated VPX.


Configured for LDAP the NetScaler authenticates and allows SSO thru to the pub-apps.


Configured for SAML the Storefront defaults to a "There are no apps or desktops available".


I have discovered how Kerberos Delegation - Disabled permits all the apps to be visible.   On launch tho I get the 'Unknown user' prompt from the XA host, indicative (to me) that the FAS authentication has failed.   There is no corresponding error in the Windows event logs on either the VDA host (WS08/12/16) or Broker that I can see.


I have little time to resolve this and I feel very close to the solution but I cannot make a Google search reveal what I am doing wrong.

Could anyone please give me a steer? 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...