Trying to figure out Workspace SSO and Kerberos, if it's something we should have enabled or not.
- Currently our Storefront server has Kerberos Delegation enabled. Something set from our previous admin for reasons unknown.
- Dell Thin clients are setup with CVAD broker pointing to our only storefront store and 3rd party authentication using Imprivata
- Most everyone logs in with only a Windows AD username and password. Some users login with a Windows AD username/pw with either proximity card or a fingerprint scan. No smartcards are used.
If we install Workspace with Enable_Kerberos=Yes, SSO doesn't work but we're able to manually login and get desktops/apps.
If we install Workspace without Enable_Kerberos=Yes, SSO works but storefront doesn't connect (due to the Kerberos Delegation being enabled we presume)
Looking at documents for 2203 LTSR, for Kerberos it states:
Quote
Citrix Workspace app supports Kerberos for domain pass-through authentication for deployments that use smart cards.
So does this mean Kerberos should only be used when smartcards are being used?
I reached out to Citrix support and the first tech says it should work with just a username/password, but this documentation they sent seems to contradict that.
I'm just trying to get a better understanding of how/when Kerberos should be used with Workspace SSO and to figure out:
A) if our previous admin enabled it when it shouldn't be since we don't use smartcards.
or B) if kerberos enabled should work with just a username/password, why isn't it? We're not sure what would be breaking it.
Question
sortola27
Hi all,
Trying to figure out Workspace SSO and Kerberos, if it's something we should have enabled or not.
- Currently our Storefront server has Kerberos Delegation enabled. Something set from our previous admin for reasons unknown.
- Dell Thin clients are setup with CVAD broker pointing to our only storefront store and 3rd party authentication using Imprivata
- Most everyone logs in with only a Windows AD username and password. Some users login with a Windows AD username/pw with either proximity card or a fingerprint scan. No smartcards are used.
If we install Workspace with Enable_Kerberos=Yes, SSO doesn't work but we're able to manually login and get desktops/apps.
If we install Workspace without Enable_Kerberos=Yes, SSO works but storefront doesn't connect (due to the Kerberos Delegation being enabled we presume)
Looking at documents for 2203 LTSR, for Kerberos it states:
So does this mean Kerberos should only be used when smartcards are being used?
I reached out to Citrix support and the first tech says it should work with just a username/password, but this documentation they sent seems to contradict that.
I'm just trying to get a better understanding of how/when Kerberos should be used with Workspace SSO and to figure out:
A) if our previous admin enabled it when it shouldn't be since we don't use smartcards.
or B) if kerberos enabled should work with just a username/password, why isn't it? We're not sure what would be breaking it.
Thanks.
Link to comment
3 answers to this question
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now