Looking for:
Citrix receiver cannot find a valid smart card certificate |
Configuring Smart Card Authentication | Authentication and Authorization
Citrix receiver cannot find a valid smart card certificate.Error: "Cannot log on using smart card" on StoreFront
Authenticate | Citrix Workspace app for Mac
StoreFront 3. Earlier StoreFront versions. Aviso legal. Este texto foi traduzido automaticamente. Este artigo foi traduzido automaticamente. This article gives an overview of the tasks involved in setting up smart card authentication for all the по этой ссылке in a typical StoreFront deployment. For more information and step-by-step configuration instructions, see the documentation for the individual products. This overview for configuring a Citrix deployment for smart cards uses a specific smart card type.
Note that similar steps apply to smart cards from other vendors. On your NetScaler Gateway appliance, install a signed server certificate from a certification authority. For more information, see Installing and Managing Certificates. Install on your appliance the root certificate of the certification authority issuing your smart card user certificates.
For more information, see To install a root certificate on NetScaler Gateway. Как сообщается здесь and configure a virtual /14599.txt for client certificate authentication.
Create a certificate authentication policy, specifying SubjectAltName:PrincipalName for user name extraction from the certificate. Then, bind the policy to the virtual server and configure the virtual server to request client certificates. Bind the certification authority root certificate to the virtual server. For more information, see To add a root certificate to a virtual server. To ensure that users do not receive an additional prompt for their credentials at the virtual server when connections to their resources are established, create a second virtual server.
For more information, see Configuring smart card authentication. You must also configure StoreFront to route user connections to resources through this additional virtual server. Users log on to citrix receiver cannot find a valid smart card certificate first virtual server and the second virtual server is used for connections to their resources. When the connection is established, users do not need to authenticate to NetScaler Gateway but are required to enter their PINs to log on to their desktops and applications.
Configuring a second virtual server for user connections to resources is optional unless you plan to enable users to fall back to explicit authentication if they experience any citrix receiver cannot find a valid smart card certificate with their smart cards.
Create session policies and profiles for connections from NetScaler Gateway to StoreFront and bind them to the appropriate virtual server. For more information, see the citrix receiver cannot find a valid smart card certificate article. If you configured the virtual server used for connections to StoreFront to require client certificate authentication for all communications, you must create a further virtual server to provide the callback URL for StoreFront.
This virtual server is used only by StoreFront to verify requests from the NetScaler Gateway appliance and so does not need to be publically citrix receiver cannot find a valid smart card certificate. A separate virtual server is required when client certificate authentication is mandatory because StoreFront cannot present a certificate to authenticate.
For more information, see Creating Virtual Servers. This configuration is required to provide smart card users with the option to fall back to explicit authentication and, subject to the appropriate Windows policy settings, enable users to remove their smart cards without needing to reauthenticate.
Users must log on again очень bloomberg citrix receiver думаю they remove their smart cards from their devices. To enable this IIS site configuration, the authentication service and stores must be collocated on the same server, and a client certificate that is valid for all the stores must be used. For this reason, this configuration should be used when Citrix Receiver for Web client access is not required.
If you are installing StoreFront on Windows Servernote that non-self-signed certificates installed in the Trusted Root Certification Authorities certificate store on the server are not trusted when IIS is configured to use SSL and client certificate authentication. Install and configure StoreFront. Create the authentication service and add your stores, as required.
For more citrix receiver cannot find a valid smart card certificate, see Install and set up StoreFront. Enable smart card authentication to StoreFront for local users on the internal network. For smart card users accessing stores through NetScaler Gateway, enable the pass-through with NetScaler Citrix receiver cannot find a valid smart card certificate authentication method and ensure that StoreFront citrix receiver cannot find a valid smart card certificate configured to delegate credential validation to NetScaler Gateway.
If you plan to enable pass-through authentication when you install Citrix Receiver for Windows on domain-joined user devices, enable domain pass-through authentication. For more information, see Configure the authentication service. To allow Citrix Receiver for Web client authentication with smart cards, you must enable the authentication method per Citrix Receiver for Web site. For more читать полностью, see the Configure Citrix Receiver for Web sites instruction.
If you want smart card users to be able to fall back to explicit authentication if they experience any issues with their smart cards, do not disable the user name and password authentication method. If you plan to enable pass-through authentication when you install Citrix Receiver for Windows on domain-joined user devices, edit the default.
For more information, see Enable pass-through with smart card authentication for Citrix Receiver for Windows. If you created an additional NetScaler Gateway virtual server to be used only for user connections to resources, configure optimal NetScaler Gateway routing through this virtual server for connections to the citrix virtual apps download providing the desktops and applications for the store.
For more information, see Configure optimal HDX routing for a store. To enable users of non-domain-joined Windows desktop appliances to log on to their desktops using smart cards, enable smart card authentication to your Desktop Appliance sites. For more information, see Configure Desktop Appliance sites. Configure the Desktop Appliance site for both smart card and explicit authentication to enable users to log on with explicit credentials if they experience any issues with their smart cards.
For users with non-domain-joined Windows desktop appliances, install Receiver for Windows Enterprise using an account with administrator permissions. Configure Internet Explorer to start in full-screen mode displaying the Desktop Appliance site when the device is powered on.
Once you have confirmed that you can log on to the Desktop Appliance site with a smart card and access resources from the store, install the Citrix Desktop Lock. For more information, see To install the Desktop Lock. For users with domain-joined desktop appliances and repurposed PCs, install Receiver for Windows Enterprise using an account with administrator permissions. Once you have /1573.txt that you can log on to the device with a smart card and access resources from the store, install the Citrix Desktop Lock.
For all other users, install the appropriate version of Citrix Receiver on the user device. For more information, see Configure and install Receiver for Windows using command-line parameters. Ensure that Receiver for Windows is configured for smart card authentication either through a domain policy or a local computer policy. To configure an individual device, use the Group Policy Object Editor on that device to configure the template.
Enable the Smart card authentication policy. Ensure that Automatic logon with the current user name and password is selected in the security settings for the zone. Where necessary, provide ссылка with connection details for the store for users on the internal network or NetScaler Gateway appliance for remote users using an appropriate method.
For more information about providing configuration information to your users, see Citrix Receiver. You can enable pass-through authentication when you install Receiver for Windows on domain-joined user devices.
Important: In multiple server deployments, use only one server at a time to make changes to the configuration of the server group. Ensure that the Citrix StoreFront management console is not running on any of the other servers in the deployment. Once complete, citrix receiver cannot find a valid smart card certificate your configuration changes to the server group so that the other servers in the deployment are updated.
Use a text editor to open the default. To enable pass-through of приведенная ссылка card credentials for users who access stores without NetScaler Gateway, add the following setting in the [Application] section. This setting applies to all users of the store. To enable both domain pass-through and pass-through with smart жмите authentication to desktops and applications, you must citrix receiver cannot find a valid smart card certificate separate stores for each authentication method.
Then, direct your users to the appropriate store for their method of authentication. To enable pass-through of smart card credentials for users accessing stores through NetScaler Gateway, add the following setting in the [Application] section. To enable pass-through authentication for some users and require others to log on to access their desktops and applications, you must create separate stores for each group of users.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions. View PDF. This content has been machine translated dynamically. Give feedback here. Thank you for the feedback. Translation failed! Configure smart card authentication July 20, Contributed by: C.
The official version of this content is in English. Some of the Citrix documentation content is machine translated for your convenience only.
Citrix has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Citrix product or service conforms to any machine translated content, and citrix receiver cannot find a valid smart card certificate warranty provided under the applicable end user license citrix receiver cannot find a valid smart card certificate or terms of service, or any other agreement with Citrix, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated.
Citrix will not be held responsible for any damage or issues that may arise from using machine-translated content. Was this helpful. Send us your feedback. Instructions for Contributors. July 20, Contributed by: C. Citrix Preview Documentation. This Preview product documentation is Citrix Confidential. If you do not agree, select Do Not Agree to exit.
No comments:
Post a Comment