Environment
Novell iChain 2.3 Service Pack 5
Interim Release 1
Citrix Metaframe sever Version 3.0
Citrix Metaframe sever Version 3.0
Situation
- ICA files will be hosted on a web server instead of using the Citrix NFuse Server
- Novell iChain has been configured as documented in the iChain Adminstration Guide section:"Configuring iChain to Accelerate Citrix MetaFrame Servers without Nfuse"
- Since the upgradefrom Novell iChain version 2.3 Service Pack 4 has to Novell iChain 2.3 Service Pack 5 Interim Release 1Single Sign On with FormFill to the MetaFrame server doe not deliver the Password anymore
Resolution
- This issue has been addressed to engineering
- As a workaround you can use the SSO.NLM out of iChian 2.3
Service Pack 4.
Note:LDAP failover in the case of a non responsive LDAP server will not work with the SP4 module
Status
Reported to EngineeringAdditional Information
Troubleshooting:
SSO has been switched to debug mode using the command line"load sso.nlm /d5 /l"
One accelerator has been configured to host an Apache server hosting the Citrix ICA files.
The Web server prompts the user with a login Form requesting the following input:
==========================================================================
==========================================================================
FormFill has been configured with the following policy to inject the required credentials:
==========================================================================
loginWithoutNfuse
nw65.ichainsite.com/citrix/ICA/login.html
Authenticate
==========================================================================
FormFill to this login page runs without any problems
The Form redirects the browser to download the "Desktop.ics" which will be rewritten using the following Policy:
==========================================================================
NativeMFTest
nw65.ichainsite.com/citrix/ICA/*
[WFClient]
[WFClient]
ProxyHost=citrix.ichainsite.com:80
ICHAIN-TOKEN
Address=10.2.92.195
Address=citrix.ichainsite.com
TransportDriver=TCP/IP
TransportDriver=TCP/IP
ICHAIN-ICA-SSO-POLICY=loginWithoutNfuse
==========================================================================
Login and creating the ICA tunnel works without any problems but the ClearPassword used by the metaframe server will not be written (sso debug output)
==========================================================================
.......
.......
TransportDriver=TCP/IP
AutoLogonAllowed=ON
Username=Administrator
ClearPassword=
.......
==========================================================================
Reverting back SSO.NLM from iChain 2.3 Service Pack4 will fill the ClearPassword as expected (sso debug output):
==========================================================================
.......
.......
TransportDriver=TCP/IP
AutoLogonAllowed=ON
Username=Administrator
ClearPassword=novell
.......
.......
==========================================================================
SSO has been switched to debug mode using the command line"load sso.nlm /d5 /l"
One accelerator has been configured to host an Apache server hosting the Citrix ICA files.
The Web server prompts the user with a login Form requesting the following input:
==========================================================================
==========================================================================
FormFill has been configured with the following policy to inject the required credentials:
==========================================================================
==========================================================================
FormFill to this login page runs without any problems
The Form redirects the browser to download the "Desktop.ics" which will be rewritten using the following Policy:
==========================================================================
[WFClient]
[WFClient]
ProxyHost=citrix.ichainsite.com:80
ICHAIN-TOKEN
Address=10.2.92.195
Address=citrix.ichainsite.com
TransportDriver=TCP/IP
TransportDriver=TCP/IP
ICHAIN-ICA-SSO-POLICY=loginWithoutNfuse
==========================================================================
Login and creating the ICA tunnel works without any problems but the ClearPassword used by the metaframe server will not be written (sso debug output)
==========================================================================
.......
.......
TransportDriver=TCP/IP
AutoLogonAllowed=ON
Username=Administrator
ClearPassword=
.......
==========================================================================
Reverting back SSO.NLM from iChain 2.3 Service Pack4 will fill the ClearPassword as expected (sso debug output):
==========================================================================
.......
.......
TransportDriver=TCP/IP
AutoLogonAllowed=ON
Username=Administrator
ClearPassword=novell
.......
.......
==========================================================================