Jump to content
Welcome to our new Citrix community!
  • 0

RHEL Enterprise 7.7 Invalid login with smart card SSO


Jay Stinson1709155922

Question

RHEL Enterprise 7.7

SSSD for AD integration

 

I'm having an issue where launching RHEL apps or desktops through our external NetScaler Gateway (smart card required) fails to authenticate. It appears SSO is passing the credentials through to the RHEL logon prompt in the username@DOMAIN.COM format, and requests a PIN. Entering the correct PIN still fails with "Invalid login."

 

However, when I launch internally directly through StoreFront with username/password (domain\username), it passes the credentials through correctly and logs me in.

 

Questions:

 

1. Can SSO to the RHEL VDA be disabled? I want the option to choose between PIN and Password.

 

2. How can I determine why the logon is failing?

 

3. Can the Citrix Linux VDA logon prompt be disabled and use the built-in Linux logon instead?

 

Thanks.

Link to comment

1 answer to this question

Recommended Posts

  • 0
16 hours ago, Jay Stinson1709155922 said:

RHEL Enterprise 7.7

SSSD for AD integration

 

I'm having an issue where launching RHEL apps or desktops through our external NetScaler Gateway (smart card required) fails to authenticate. It appears SSO is passing the credentials through to the RHEL logon prompt in the username@DOMAIN.COM format, and requests a PIN. Entering the correct PIN still fails with "Invalid login."

 

However, when I launch internally directly through StoreFront with username/password (domain\username), it passes the credentials through correctly and logs me in.

 

Questions:

 

1. Can SSO to the RHEL VDA be disabled? I want the option to choose between PIN and Password.

 

2. How can I determine why the logon is failing?

 

3. Can the Citrix Linux VDA logon prompt be disabled and use the built-in Linux logon instead?

 

Thanks.

First, Smart card authentication to Citrix Gateway is not officially supported.

 

For your questions:

 

1. Can SSO to the RHEL VDA be disabled? I want the option to choose between PIN and Password.

The way to use smart card or password logon is controlled by the storefront configuration. And I am wordering how do you configurate your storefront and do you select certificate when you login the storefront?

 

2. How can I determine why the logon is failing?

Open the trace log of ctxlogin and scard in VDA.

 

3. Can the Citrix Linux VDA logon prompt be disabled and use the built-in Linux logon instead?

No. You need to do the Linux VDA authentication before your get the LVDA session.

 

 

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...