
Microsoft 365 Apps - Issue with ADFS SSO


Rastislav Kovac

Question

Hi,

 

I'm currently facing a strange issue. 

Installed M365 Apps for Enterprise on a Citrix master image and deployed a machine through MCS.

When I try to launch any of the Office apps as a published app, it launches and prompts for credentials, which I enter, then the app just freezes, not greyed out, just unable to click on anything.

If I decline the credential prompt, it logs me in as my account, but apparently without going through ADFS SSO, so I just end up with the message that I'm using unlicensed Office. 

 

The strange thing, however, is that if I publish a desktop to the same user, log on and launch any Office app, I get automatically authenticated through ADFS SSO and the account becomes licensed.

After this I can of course use the published apps, as the licensing tokens are synced by UPM on the successful authentication attempt on the published desktop, so it doesn't require authentication, because it's using the token in the user profile.

 

What I have noticed as I tried some troubleshooting is that if I try logging in with my admin account to the server and then try to manually sign in with my user account, I get prompted for credentials, which then brings up the ADFS authentication window. When I check the processes, I can see the process "Work or school account", which points to this window. However, this never happens if I try to manually log on in the published app and try manually.

 

I have no idea why the ADFS SSO wouldn't work on the exact same server when launching the exact same app just published. 


2 answers to this question


Hi,

What OS version are you using on the VDA?

Did you find and read this article?

 

Which contains this workaround as a PowerShell login script:  

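    # Re-register the AAD broker plugin for the current user if it is not registered
    If (-not (Get-AppxPackage Microsoft.AAD.BrokerPlugin)) {
        Add-AppxPackage -Register "$env:windir\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Appxmanifest.xml" -DisableDevelopmentMode -ForceApplicationShutdown
    }
    # Show the package registration so the result can be checked
    Get-AppxPackage Microsoft.AAD.BrokerPlugin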

This worked for me ....


Hi,

It was on Windows Server 2022. The solution was to enable the Shellbridge feature.

It's described in the article; although it states 2019, it's also still valid for 2022. No idea why it wasn't enabled on more recent CUs for 2203 LTSR, but I guess they wanted to keep feature consistency across the same version but different CUs. After the feature is enabled, ADFS SSO could do its job without issues.

https://support.citrix.com/article/CTX267071/password-field-not-displayed-for-published-apps-in-windows-server-2019
