Excluding Citrix published applications from SSO

SecureLogin SSO version 6.1 treats all Citrix published applications as SecureLogin SSO enabled, even if there are also non SecureLogin SSO users accessing the Citrix server.

1. Install FIXC0804000 for SecureLogin SSO.
2. On the Citrix server start regedit and go to

   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

3. Double click the AppSetup entry and remove, "sllauncher.exe slwts.exe" (without quotes) from the value.
4. At this point all published applications that have a SecureLogin SSO service will no longer be available.
5. For each published application that should be SecureLogin SSO enabled, create a separate published application as normal, but add "sllauncher.exe" before the name of the application. No switches are required after the application name (as in pre 6.1 versions of SecureLogin SSO).

Once a SecureLogin SSO enabled application is run in a Citrix session all subsequent published applications launched in that session will require SecureLogin SSO. As a result, non SecureLogin SSO users should only be provided with published applications that are not SecureLogin SSO enabled.

Root Cause

In SecureLogin SSO version 6.1, the slwts.exe component SSO-enables all Citrix published applications by default, so that manual configuration of Citrix applications is not required. For information on slwts.exe, see knowledge base article What is slwts.exe?. Manual configuration is required to allow non-SecureLogin users to access the Citrix applications without being prompted for SecureLogin enrolment.