What sequence does SecureLogin Single Sign-On follow in a Microsoft Active Directory environment to log users into a Citrix server?

  • 7940161
  • 19-Aug-2009
  • 08-Jan-2014

Environment

SecureLogin
SecureLogin SSO
3.5.2.2 and later
Active Directory, Citrix


Situation

Question

What sequence does SecureLogin Single Sign-On follow in a Microsoft Active Directory environment to log users into a Citrix server?

Resolution

Answer

SecureLogin SSO can capture the Active Directory credentials the user enters on their workstation and pass them to the Citrix server automatically. This means a user doesn't have to log on to Active Directory and then re-authenticate to Active Directory when they launch a Citrix ICA session. This is known as GINA-to-GINA pass-through.

The customer is running Citrix servers but their primary authentication is to Active Directory. They have installed SecureLogin SSO on the Citrix server.

The user has the Citrix ICA client and SecureLogin installed on their workstation.

  • The SCREDMAN.DLL retrieves the Username and Password the user entered into their Microsoft Client logon screen, and stores them in a hidden and encrypted SecureLogin platform.
  • The user starts an ICA session connecting to a Citrix server.
  • The user logs on to Citrix Program Neighborhood; upon initiating the ICA session, the user must be authenticated to Active Directory.
  • The Username and Password entered earlier are retrieved by SecureLogin and passed down the Citrix Virtual Channel.
  • After the credentials are received by the interface, the normal user-level eDirectory transaction occurs between the Citrix server and Active Directory.
  • Upon authentication to Active Directory, sllauncher.exe starts SecureLogin SSO.
  • A call is made to Active Directory to acquire/synchronize assigned scripts, settings, stored credentials and other SSO data.
  • Control is then handed off to the specified ICA application and any SSO requests are handled by SecureLogin.
  • As the session ages, periodic refreshes of the SecureLogin SSO store are attempted. The timeframe is adjustable by the administrator.
  • When a user ends the ICA application, sllauncher.exe closes SecureLogin SSO.

See the SecureLogin SSO or Citrix manual for more information.