SSO to Citrix Metaframe server stops working since applying iChain 2.3 SP5 IR1

  • 3151667
  • 15-Jun-2007
  • 26-Apr-2012

Environment

Novell iChain 2.3 Service Pack 5 Interim Release 1
Citrix Metaframe sever Version 3.0


Situation

  • ICA files will be hosted on a web server instead of using the Citrix NFuse Server
  • Novell iChain has been configured as documented in the iChain Adminstration Guide section:"Configuring iChain to Accelerate Citrix MetaFrame Servers without Nfuse"
  • Since the upgradefrom Novell iChain version 2.3 Service Pack 4 has to Novell iChain 2.3 Service Pack 5 Interim Release 1Single Sign On with FormFill to the MetaFrame server doe not deliver the Password anymore

Resolution

  • This issue has been addressed to engineering

  • As a workaround you can use the SSO.NLM out of iChian 2.3 Service Pack 4.
    Note:LDAP failover in the case of a non responsive LDAP server will not work with the SP4 module

Status

Reported to Engineering

Additional Information

Troubleshooting:

SSO has been switched to debug mode using the command line"load sso.nlm /d5 /l"

One accelerator has been configured to host an Apache server hosting the Citrix ICA files.
The Web server prompts the user with a login Form requesting the following input:
==========================================================================


Password:


" method="post">

==========================================================================

FormFill has been configured with the following policy to inject the required credentials:
==========================================================================

loginWithoutNfuse
nw65.ichainsite.com/citrix/ICA/login.html
Authenticate







==========================================================================
FormFill to this login page runs without any problems

The Form redirects the browser to download the "Desktop.ics" which will be rewritten using the following Policy:
==========================================================================


NativeMFTest
nw65.ichainsite.com/citrix/ICA/*



[WFClient]


[WFClient]
ProxyHost=citrix.ichainsite.com:80
ICHAIN-TOKEN


Address=10.2.92.195


Address=citrix.ichainsite.com


TransportDriver=TCP/IP


TransportDriver=TCP/IP
ICHAIN-ICA-SSO-POLICY=loginWithoutNfuse





==========================================================================


Login and creating the ICA tunnel works without any problems but the ClearPassword used by the metaframe server will not be written (sso debug output)
==========================================================================
.......
.......
TransportDriver=TCP/IP
AutoLogonAllowed=ON
Username=Administrator
ClearPassword=
.......
==========================================================================


Reverting back SSO.NLM from iChain 2.3 Service Pack4 will fill the ClearPassword as expected (sso debug output):
==========================================================================
.......
.......
TransportDriver=TCP/IP
AutoLogonAllowed=ON
Username=Administrator
ClearPassword=novell
.......
.......
==========================================================================


Feedback service temporarily unavailable. For content questions or problems, please contact Support.