Jump to content
Welcome to our new Citrix community!
  • 0

Domain Pass-through Authentication for Workspace in Chromium Edge


Christopher Kiser

Question

Hello Everyone,

 

I am trying to get Domain Pass through Authentication working inside the new Edge. Our storefront Server is configured for Domain Passthrough and it works inside IE when I navigate to the URL. In Edge I am met with "No logon methods available on this platform'. Does an Edge GPO need to be configured to make this work? Any help would be amazing, thanks!

Link to comment

7 answers to this question

Recommended Posts

  • 1

I have configured AuthNegotiateDelegateAllowlist (Specifies a list of servers that Microsoft Edge can delegate user credentials to) with the internal domain sufix as value 

*domain.local

 and AuthServerAllowlist (Configure list of allowed authentication servers) with the internal domain sufix as value 

*domain.local

 

 

Additionaly I configured AutoLaunchProtocolsFromOrigins (Define a list of protocols that can launch an external application from listed origins without prompting the user) with the value

[{"allowed_origins": ["*"], "protocol": "receiver"}]

and AutoOpenFileTypes (List of file types that should be automatically opened on download) with the value

ica

as well as URLAllowlist (Define a list of allowed URLs) with the value 

receiver://*

 

Using this I have Domain Passthrough SSO to StoreFront and auto-download and auto-launch of the ICA-File.

  • Like 1
Link to comment
  • 0
On 2/13/2021 at 3:31 AM, Martin Meier said:

I have configured AuthNegotiateDelegateAllowlist (Specifies a list of servers that Microsoft Edge can delegate user credentials to) with the internal domain sufix as value 



*domain.local

 and AuthServerAllowlist (Configure list of allowed authentication servers) with the internal domain sufix as value 



*domain.local

 

 

Additionaly I configured AutoLaunchProtocolsFromOrigins (Define a list of protocols that can launch an external application from listed origins without prompting the user) with the value



[{"allowed_origins": ["*"], "protocol": "receiver"}]

and AutoOpenFileTypes (List of file types that should be automatically opened on download) with the value



ica

as well as URLAllowlist (Define a list of allowed URLs) with the value 



receiver://*

 

Using this I have Domain Passthrough SSO to StoreFront and auto-download and auto-launch of the ICA-File.

 

Ok I have made the changes you describe here and made progress. I am now met with the "Detect Receiver" prompt. If I select that it will detect it and then proceed to the storefront. Yay! I looked at a solution for this (As i want a seamless experience) and it is to navigate to the webconfig file of the storefront server and change "protocolHandler Enabled: True" to "False". I made that change, performed iisreset, and restarted the server, now I am at the "No logon methods on the platform" again :(

 

What's interesting is I see this article: https://support.citrix.com/article/CTX269089 and this tells me to make sure it is set to "True" to fix the No logon methods issue. yet this article:  https://support.citrix.com/article/CTX209283 says to make it "False to bypass the detect receiver prompt. Doesn't make much sense, both support articles from Citrix seem to be in conflict with each other. 

 

I really appreciate you taking the time to respond to my first post.

Link to comment
  • 0
10 hours ago, Martin Meier said:

I also get the detect button once when I set the plugin assistant to false. But I can continue without the "No logon methods on the platform" error.

 

Have you checked wether your policies get applied without error using the URL:


edge://policy/

 

If I have the <pluginAssistant enabled="false" I have the same experience. I can select 'Detect' and I am good to go.

 

My goal however is to make this a seamless experience for the user so they are not prompted at all. All my policies are being applied without error.

 

As I said before its frustrating to me that the official recommendation from Citrix is to <protocolHandler enabled="false" but this in turn causes me to get the "No logon methods on the platform" whether the "pluginAssistant enabled" is set to true or false.

 

There has got to be a way to automatically "Detect" the receiver without having to click it. This works seamlessly in IE with any configuration of the webfig file which is odd to me.

Link to comment
  • 0

So far I know there is no solution to get this working outside of IE.

 

The solution to prevent the detect button is to set a cookie (CtxsClientDetectionDone). You can simply add the following to your "custom\script.js" file of your StoreWeb:

document.cookie = "CtxsClientDetectionDone=true";

Or you can use a Rewrite of the Response if using a Citrix ADC in front of StoreFront.

 

But if I do this, I get the error "No logon methods available on this platform".

Link to comment
  • 0

 

Yup same results as you. I've looked into adding the cookie for detection previously and, yes, that results in "No logon methods available on this platform" 

 

Well, looks like ill open a ticket with Citrix and see if I can get a solution for this.  I will comment back if anything comes of that.

 

I greatly appreciate you taking the time to respond and troubleshoot this issue with me.

Link to comment
  • 0
On 2/16/2021 at 5:13 PM, Christopher Kiser said:

 

Yup same results as you. I've looked into adding the cookie for detection previously and, yes, that results in "No logon methods available on this platform" 

 

Well, looks like ill open a ticket with Citrix and see if I can get a solution for this.  I will comment back if anything comes of that.

 

I greatly appreciate you taking the time to respond and troubleshoot this issue with me.

 

Hello,

 

I struggeling with the same issue. Have you made any progress? What was the outcome of the ticket?

 

Kind regards

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...