Jump to content
Welcome to our new Citrix community!
  • 0

DAAS Remote PowerShell SDK SSO Passthrough


Darryl Sakach

Question

If I simply issue a Get-XDAuthentication I get a Citrix Cloud auth popup as expected. I have an option to 'Sign in with company credentials'. Selecting that prompts me for my sign in URL. If I provide that and continue, I get logged in with my Azure AD credentials via Passthrough of my local signed-in credentials. 

 

How do I effect this Passthrough without having to go through all of the popups? I would expect to be able to provide the company URL as a cmdlet parameter and get seamlessly logged in.

 

I am aware of the ability to set up an API key and have used it successfully, however that requires management of those key elements. For a background task the API key process is invaluable, but for an interactive process it is unnecessary management that has the potential to expose those API credentials.

Link to comment

4 answers to this question

Recommended Posts

  • 0

I think to have a seamless logon I would prefer to configure the credentials with the API Key and Secret, and those would be stored in an encrypted Json file so that you would not have to read it every time. 
Just point to the profile configured and run your commands remotely from a console management server.

Command to Store Client ID and Secret
Set-XDCredentials -ProfileType CloudApi -StoreAs <Name> -APIKey <#######> -SecretKey "################" -CustomerId "CustomerID" 

 

Once the profile is created just run the command below:

Set-XDCredentials -ProfileName "Name"

Name: this would be the name defined in the command to store Client ID and Secret.


However, currently I am running into issues with authenticating to Citrix cloud as it seems that they have changed something on how authentication would work via the Client Secret and ID so I have a case opened with Citrix and will share further updates and how it progresses.

Link to comment
  • 0
19 hours ago, UDDAVE JAJOO said:

I think to have a seamless logon I would prefer to configure the credentials with the API Key and Secret, and those would be stored in an encrypted Json file so that you would not have to read it every time. 
Just point to the profile configured and run your commands remotely from a console management server.

Command to Store Client ID and Secret
Set-XDCredentials -ProfileType CloudApi -StoreAs <Name> -APIKey <#######> -SecretKey "################" -CustomerId "CustomerID" 

 

Once the profile is created just run the command below:

Set-XDCredentials -ProfileName "Name"

Name: this would be the name defined in the command to store Client ID and Secret.


However, currently I am running into issues with authenticating to Citrix cloud as it seems that they have changed something on how authentication would work via the Client Secret and ID so I have a case opened with Citrix and will share further updates and how it progresses.

Thank you for the input. As I have said I am aware of the ability to set up an API key and have used it successfully.

 

My question is how can I trigger automatic SSON with my Azure AD credentials for interactive sessions? This allows all of my Admins to work seamlessly with the same code set without requiring them to first set up and manage an API Key.

Link to comment
  • 0

Hi Darryl Sakach

 

The following option will at least make is easer to connect for the Admins.

 

Try authentication with your Azure AD credentials to your service instead: "Connect-XDService -Credential (Get-Credential) -TenantName "<TenantName>". Now you will be asked to enter your credentials. After that you don't need an API-key anymore.

 

Link to comment
  • 0
On 3/14/2023 at 9:45 AM, Old said:

Hi Darryl Sakach

 

The following option will at least make is easer to connect for the Admins.

 

Try authentication with your Azure AD credentials to your service instead: "Connect-XDService -Credential (Get-Credential) -TenantName "<TenantName>". Now you will be asked to enter your credentials. After that you don't need an API-key anymore.

 

I do not see Connect-XDService cmdlet in the DaaS Remote PoSh SDK. I do not find reference to it on the Internet either. What SDK is it part of?

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...