Looking for:
Citrix workspace cannot find a valid smart card certificate |
Citrix workspace cannot find a valid smart card certificate.Error: "Cannot log on using smart card" on StoreFront
Failed to load featured products content, Please try again. Customers who viewed this article also viewed. Log in to Verify Download Permissions. Symptoms or Error This article is intended for Citrix administrators and technical teams only. However, users connecting from iOS 9 and 10 devices will not face this error and will be able to use smart cards to authenticate to Storefront or NetScaler Gateway.
There is NO workaround for this issue. Citrix recommends users who are using smart cards with their Citrix Receiver for iOS not to upgrade to iOS11 until the updated version of Receiver is made available. Citrix is working towards resolving this issue.
Once resolved, a new version will be updated in the App Store. Citrix has identified that the error is due to a third-party-dependent SDK used for smart card authentication that is not compatible with iOS Was this page helpful? Thank you! Sorry to hear that. Name Name is required. Email Email address is required. Close Submit.
Featured Products. Need more help? Product issues. Open or view cases Chat live. Other support options. Share this page.
Citrix workspace cannot find a valid smart card certificate
Current Release. Configuring Default Global Authentication Types. Configuring Authentication Without Authorization. Configuring Authorization. Configuring Authorization Policies. Setting Default Global Authorization. Disabling Authentication. Configuring Authentication for Specific Times. How Authentication Policies Work. Configuring Authentication Profiles. Binding Authentication Policies. Setting Priorities for Authentication Cihrix.
Configuring Local Users. Configuring Groups. Adding Users to Groups. Configuring Policies with Groups. To configure Fitrix authentication by using the configuration utility. To configure LDAP authorization. Creating Session Policies for Group Extraction. Configuring Client Certificate Authentication. Configuring two-factor Больше на странице Certificate Authentication.
Configuring IP Address Extraction. To configure SAML authentication. Configuring Multifactor Authentication. Configuring Cascading Authentication. Configuring Two-Factor Authentication. Selecting the Authentication Type for single sign-on. Configuring citrix workspace cannot find a valid smart card certificate sign-on.
Configuring single sign-on with Windows. Configuring single sign-on to Web Applications. Configuring single sign-on to a Domain. Configuring single sign-on for Microsoft Exchange Configuring One-Time Password Canmot. Configuring SafeWord Authentication. Configuring Gemalto Protiva Authentication. Unified Gateway Visualizer. Restrict access to Citrix Gateway for members of one Active Directory group. Aviso legal. Este texto citrix workspace cannot find a valid smart card certificate traduzido automaticamente.
Este artigo foi traduzido automaticamente. For more information, see To install a root certificate on Citrix Gateway. Important : When you add the root certificate to the virtual server for smart card authentication, you must select citrix workspace cannot find a valid smart card certificate certificate from the Select CA Certificate workspce. After you create the client certificate, you can write the certificate, known as flash, onto the smart card.
When you complete that step, you can test the smart card. Посетить страницу источник you certiflcate the Web Interface for smart card passthrough authentication, if either of the following conditions exist, single sign-on to the Web Interface fails:.
You can use smart card authentication to streamline the logon process for your users while also enhancing the security of user access to your infrastructure.
Access to the internal corporate network is protected by certificate-based two-factor cnnot using the public key infrastructure. Certifivate keys are protected by hardware controls and never leave the smart card. Your users get the convenience of accessing their desktops and applications cannoh a range of corporate devices using their smart cards and PINs.
You can use smart cards for продолжение здесь authentication through StoreFront to desktops and applications provided by Citrix Virtual Apps and Desktops. Smart card users читать полностью on to StoreFront can also access applications provided by Citrix Endpoint Management. However, users must authenticate again to access Endpoint Management web applications that use client certificate authentication.
For more information, see Configure smart card authentication in the StoreFront documentation. Users who log on and establish a secure ICA connection by using a smart card with single sign-on configured on Citrix Gateway might receive prompts for their personal identification worksppace PIN twice. The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions. Citrix Gateway. Current Release Current Release View PDF. This content has been machine translated dynamically. Give feedback here. Thank you certjficate the feedback. Citrix Gateway Citrix workspace cannot find a valid smart card certificate Gateway Translation failed!
Worispace official version of this content is in English. Some of the Citrix documentation content is machine translated for your convenience only. Citrix has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English smarf citrix workspace cannot find a valid smart card certificate any other language, or that your Citrix product or service conforms to any machine translated content, and any warranty provided under the applicable certififate user license agreement or terms of service, or any other agreement with Citrix, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated.
Citrix will not be held responsible for any damage or issues вот ссылка may arise from using machine-translated content. Was citrox helpful.
Send us your feedback. Instructions for Contributors. October 5, Contributed by: S. Citrix Preview Documentation. This Preview product documentation is Citrix Confidential. If you do not agree, select Do Not По этому адресу to exit. Machine Translation Feedback Form. Write something?
Configuring Smart Card Authentication | Authentication and Authorization
Virtual display layout. Audio features. Browser content redirection. HDX video conferencing and webcam video compression. HTML5 multimedia redirection. Optimization for Microsoft Teams. Monitor, troubleshoot, and support Microsoft Teams. Windows Media redirection. General content redirection. Client folder redirection. Host to client redirection. Bidirectional content redirection.
Generic USB redirection and client drive considerations. Printing configuration example. Best practices, security considerations, and default operations. Printing policies and preferences. Provision printers. Maintain the printing environment. Work with policies. Policy templates. Create policies. Compare, prioritize, model, and troubleshoot policies. Default policy settings. Policy settings reference. ICA policy settings. HDX features managed through the registry. Load management policy settings.
Profile management policy settings. User personalization policy settings. Virtual Delivery Agent policy settings. Virtual IP policy settings. Connector for Configuration Manager policy settings. Multi-type licensing. FAQ for licensing. App packages. Universal Windows Platform Apps. Connections and resources. Local Host Cache.
Virtual IP and virtual loopback. Delivery Controllers. VDA registration. Use Search in Studio. User profiles. Citrix Insight Services. Citrix Scout. Configuration logging. Event logs. Advanced configuration.
PIV smart card authentication. Network analysis. Delegated Administration and Director. Secure Director deployment. Configure with Citrix Analytics for Performance. Site analytics. Alerts and notifications. Filters data.
Historical trends. Troubleshoot deployments. User issues. Feature compatibility matrix. Data granularity and retention. Troubleshoot Director failure reasons. Third party notices. Document History. Aviso legal. Este texto foi traduzido automaticamente. Este artigo foi traduzido automaticamente.
Smart cards and equivalent technologies are supported within the guidelines described in this article. Smart card enrollment is not supported with fast smart card. Smart card enrollment might work when fast smart card is disabled, but depends on the type of smart card and middleware. Contact your smart card and middleware vendor for information on their integration with Citrix Virtual Apps and Desktops and support for smart card enrollment over virtual sessions.
Enterprise and consumer smart cards have the same dimensions, electrical connectors, and fit the same smart card readers. Smart cards for enterprise use contain digital certificates. These smart cards support Windows Logon, and can also be used with applications for digital signing and encryption of documents and email. Citrix Virtual Apps and Desktops support these uses.
Smart cards for consumer use do not contain digital certificates; they contain a shared secret. These smart cards can support payments such as a chip-and-signature or chip-and-PIN credit card. They do not support Windows Logon or typical Windows applications. Specialized Windows applications and a suitable software infrastructure including, for example, a connection to a payment card network are needed for use with these smart cards.
Contact your Citrix representative for information on supporting these specialized applications on Citrix Virtual Apps or Citrix Virtual Desktops. These digital certificates are not strictly equivalent to smart cards. A minimum requirement is that smart cards and smart card devices must be supported by the underlying Windows operating system and must be approved by the Microsoft Windows Hardware Quality Labs WHQL to be used on computers running qualifying Windows operating systems.
For more information, refer to the Citrix Ready program. However, if smart cards conform to a standard such as the NIST Personal Identity Verification PIV standard, it might be possible to use a single device driver for a range of smart cards.
The device driver is often supplied as part of a smart card middleware package available from a Citrix partner; the smart card middleware package offers advanced features.
The following smart card and middleware combinations for Windows systems have been tested by Citrix as representative examples of their type. However, other smart cards and middleware can also be used. For information about smart card usage with other types of devices, see the Citrix Workspace app documentation for that device.
Smart cards are supported only for remote access to physical office PCs running Windows 10, Windows 8 or Windows 7. It improves performance when smart cards are used in high-latency WAN situations. Fast smart card is enabled by default on host machines with currently supported Windows VDAs. In addition, on the client side, fast smart card can be force enabled or force disabled for example, for diagnostic purposes with the following registry settings:.
The bit registry hive must be specified using WOWNode if the client machine is bit. This can further improve the user experience. Session PIN Caching is disabled by default.
It can be enabled and controlled with the following registry settings on the VDA:. A smart card reader might be built in to the user device, or be separately attached to the user device usually via USB or Bluetooth.
They contain a slot or swipe into which the user inserts the smart card. The Deutsche Kreditwirtschaft DK standard defines four classes of contact card readers. For information about supported smart card readers, see the documentation for the Citrix Workspace app you are using.
In the Citrix Workspace app documentation, supported versions are listed in a smart card article or in the system requirements article. Important: Do not use generic USB redirection for smart card readers.
This is disabled by default for smart card readers, and is not supported if enabled. Multiple smart cards and multiple readers can be used on the same user device, but if pass-through authentication is in use, only one smart card must be inserted when the user starts a virtual desktop or application. If you are installing StoreFront on Windows Server , note that non-self-signed certificates installed in the Trusted Root Certification Authorities certificate store on the server are not trusted when IIS is configured to use SSL and client certificate authentication.
Install and configure StoreFront. Create the authentication service and add your stores, as required. For more information, see Install and set up StoreFront. Enable smart card authentication to StoreFront for local users on the internal network.
For smart card users accessing stores through NetScaler Gateway, enable the pass-through with NetScaler Gateway authentication method and ensure that StoreFront is configured to delegate credential validation to NetScaler Gateway.
If you plan to enable pass-through authentication when you install Citrix Receiver for Windows on domain-joined user devices, enable domain pass-through authentication. For more information, see Configure the authentication service. To allow Citrix Receiver for Web client authentication with smart cards, you must enable the authentication method per Citrix Receiver for Web site. For more information, see the Configure Citrix Receiver for Web sites instruction.
If you want smart card users to be able to fall back to explicit authentication if they experience any issues with their smart cards, do not disable the user name and password authentication method. If you plan to enable pass-through authentication when you install Citrix Receiver for Windows on domain-joined user devices, edit the default. For more information, see Enable pass-through with smart card authentication for Citrix Receiver for Windows.
If you created an additional NetScaler Gateway virtual server to be used only for user connections to resources, configure optimal NetScaler Gateway routing through this virtual server for connections to the deployments providing the desktops and applications for the store. For more information, see Configure optimal HDX routing for a store.
To enable users of non-domain-joined Windows desktop appliances to log on to their desktops using smart cards, enable smart card authentication to your Desktop Appliance sites. For more information, see Configure Desktop Appliance sites. Configure the Desktop Appliance site for both smart card and explicit authentication to enable users to log on with explicit credentials if they experience any issues with their smart cards.
For users with non-domain-joined Windows desktop appliances, install Receiver for Windows Enterprise using an account with administrator permissions. Configure Internet Explorer to start in full-screen mode displaying the Desktop Appliance site when the device is powered on. Once you have confirmed that you can log on to the Desktop Appliance site with a smart card and access resources from the store, install the Citrix Desktop Lock.
For more information, see To install the Desktop Lock. For users with domain-joined desktop appliances and repurposed PCs, install Receiver for Windows Enterprise using an account with administrator permissions. Once you have confirmed that you can log on to the device with a smart card and access resources from the store, install the Citrix Desktop Lock. For all other users, install the appropriate version of Citrix Receiver on the user device.
For more information, see Configure and install Receiver for Windows using command-line parameters. Ensure that Receiver for Windows is configured for smart card authentication either through a domain policy or a local computer policy. To configure an individual device, use the Group Policy Object Editor on that device to configure the template.
Enable the Smart card authentication policy. Ensure that Automatic logon with the current user name and password is selected in the security settings for the zone. Where necessary, provide users with connection details for the store for users on the internal network or NetScaler Gateway appliance for remote users using an appropriate method. For more information about providing configuration information to your users, see Citrix Receiver.
You can enable pass-through authentication when you install Receiver for Windows on domain-joined user devices. Important: In multiple server deployments, use only one server at a time to make changes to the configuration of the server group. Ensure that the Citrix StoreFront management console is not running on any of the other servers in the deployment.
Once complete, propagate your configuration changes to the server group so that the other servers in the deployment are updated. Use a text editor to open the default. To enable pass-through of smart card credentials for users who access stores without NetScaler Gateway, add the following setting in the [Application] section.
This setting applies to all users of the store. To enable both domain pass-through and pass-through with smart card authentication to desktops and applications, you must create separate stores for each authentication method. Then, direct your users to the appropriate store for their method of authentication.
To enable pass-through of smart card credentials for users accessing stores through NetScaler Gateway, add the following setting in the [Application] section. To enable pass-through authentication for some users and require others to log on to access their desktops and applications, you must create separate stores for each group of users. The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions. View PDF. This content has been machine translated dynamically. Give feedback here.
No comments:
Post a Comment