Installing XenDesktop
- Go to the below page and click on the “Add to Chrome” for the Citrix Workspace App Chrome Extension. Chrome Extension for Citrix Workspace App. Remember, this extension is the official Citrix provided extension. But it will not work in any other Chromium-based browser e.g.
- Citrix Receiver for Chrome now supports single sign-on (SSON) functionality on Chromebook devices and Citrix XenApp/XenDesktop backend. With this functionality, users do not have to retype passwords within a Citrix environment. SSON configuration includes setting up SAML SSO on Chrome devices and Receiver for Chrome sessions using SAML cookies.
Install XenDesktop 7.9 and configure Federated Authentication Service. Refer Citrix Documentation - Federated Authentication Service for more details.
Configuring Active Directory Federation Services (AD FS) and Google Admin Console
Install and configure Active Directory Federation Service (AD FS) from server manager roles on any Windows 2K8 R2 or Windows 2K12 R2 server. Ensure that, AD FS and AD are not on the same machine.
Configure AD FS URL in Google Admin console for Single Sign-on as follows:
Enable Single Sign-on in Google Apps. Log in to your administration console at
http://www.google.com/a/your-domain/. Click Security->Set up Single Sign-on (SSO)This will take you through to a configuration screen. Select Enable Single Sign-on,
and enter the following values:
Sign-in page URL: https://adfs.yourdomain.com/adfs/ls/
Sign-out page URL: https://adfs.yourdomain.com/adfs/ls/
Change password URL: https://sts.yourdomain.com/startersts/users/password.aspxVerification certificate: Upload the AD FS Token Signing cert (.cer file) which can be obtained from the AD FS 2.0 Management Console (under Service > Certificates). Click Upload.
Select “Use a domain specific issuer”.
Enter network addresses in the Network masks textbox.
Single sign-on is configured and enabled. Note that the settings take effect immediately. However, it does not affect your login to the Admin Console – that is always accessed by manual login, so that you can get and disable Single Sign-on again.
Configure SAML Single Sign-on policies on Google Admin Console, refer https://support.google.com/chrome/a/answer/6060880 for more details.
Configuring AD FS
• Open the AD FS 2.0 Management Console and navigate to Relying Parties section.Click Add Relying Party Trust
Choose Enter data about the relying party manually
Provide a name for the trust (so that you can easily identify it)
Select AD FS 2.0 profile
Select Enable support for the SAML 2.0 WebSSO protocol and enter /acs'>https://www.google.com/a//acs in the Relying party SAML 2.0 SSO service URL textbox.
Enter google.com/a/<your-domains the Relying party identifier
Complete the wizard steps
Click on the newly added item and select Properties. Click on the Signature tab and Click Add:
Add the Token Signing Certificate – it must the AD FS Token Signing Certificate you uploaded to the Google Admin Console AD FS.
Click OK.
Click Edit Claim Rules and click Add Rule:
From the Claim rule drop-down, select Transform an Incoming Claim.
Provide a Name to the rule, select E-Mail Address as the Incoming Claim Type, set the Outgoing claim type to Name ID and the Outgoing name ID format to Email:
Complete the Wizard steps.
Go to your Active Directory. Go to properties of user for whom you want to enable Single sign on and then add the google domain email address of that user in Email field.
Go to your Active Directory. Go to properties of user for whom you want to enable Single sign on and then add the google domain email address of that user in Email field.
Configuring Citrix NetScaler
How to install Citrix Workspace App on Chromebooks updated April 2nd, 2020 1. Go to the Chrome OS “Web Store” located in the Apps Folder. Search for “Citrix Workspace” 3. Click “Add to Chrome” 4. Reboot the Chromebook.
- Configure NetScaler SAML to work with AD FS. Before this make sure, XenDesktop works with NetScaler without SSON or FAS configuration.. Refer, http://support.citrix.com/article/CTX133919 to configure NetScaler SAML with AD FS
- On successful completion of all the above steps, you are redirected to AD FS page on entering the SF URL
Configuring Single Sign-on on Chromebook
- Chromebook should be a managed Chromebook
- Install and configure SAML SSO for Chrome app extension on Chrome devices. Refer to the Google website for more information. This extension retrieves SAML cookies from browser and provides to Citrix Receiver. This extension needs to be configured with the following policy to allow Receiver to get SAML cookies:
{
'whitelist' : {
'Value' : [
{
'appId' : 'haiffjcadagjlijoggckpgfnoeiflnem',
'domain' : 'saml.yourcompany.com'
}
]
}
} - If you are repackaging Citrix Receiver for Chrome, change the appId. In addition, change the domain to your company's SAML IdP domain.
- Configure Receiver to user NetScaler Gateway configured for SAML logon. This enables users to use the NetScaler Gateway configured for SAML logon.
- Login to Chromebook using managed user which will redirect you to AD FS page for the first time. user has to enter the password twice for the first time.
- After successful login, you can access the XenDesktop resources without having to re-enter the credentials. providing any credentials.
Parent page: Internet and Networking
Contents
|
The Citrix ICA Client (Citrix Receiver) allows access to remote Windows sessions that run on a Citrix server.
These instructions are for current/recent Ubuntu/ICA versions. For historical reference, instructions for older Ubuntu/ICA versions are at CitrixICAClientHowToOlderVersions.
If you are considering deployment of the Receiver in your workplace (as opposed to installation on just your machine), have a look at the Citrix Receiver deployment how-to in the Ubuntu for the Enterprise wiki.
1. (64-bit only) Alternative install procedure that can be added to a deployment bash script
http://mark911.wordpress.com/2014/06/27/how-to-install-citrix-receiver-icaclient-in-ubuntu-14-04-lts-64-bit-tested-and-working-using-mozilla-firefox/
2. (64-bit only) Enable i386 Multiarch
Add Citrix Extension To Chrome
Even the Citrix Receiver for 64-bit systems has a lot of dependencies on packages from the i386 architecture. If you are using 64-bit Ubuntu and have not already configured i386 multiarch, you must configure it by running:
N.B. The download link currently directs you to receiver 13.2 rather than 13.1 and the 64-bit deb no longer has i386 architecture dependencies.
Citrix For Chrome
3. Download the Citrix Receiver for Linux .deb package
Go to https://www.citrix.com/downloads/citrix-receiver/legacy-receiver-for-linux/receiver-for-linux-13-2.html
- Near the bottom of the page, select either 'For 64-bit Systems' or 'For 32-bit Systems' as appropriate, and goto the 'Receiver for Linux' package.
- Look for 'File Type: .deb' under the Download buttons.
- Click this .deb file, and have it open in Ubuntu Software Center for installation (so you can skip step 4), Or download the .deb file and install it as described in step 4..
- Optionally download the 'USB Support Package'. This package provides support for passing USB devices from your local Ubuntu machine into the remote Windows session (if your Citrix server is configured to allow that).
4. Install the downloaded package(s) and dependencies
In case your Ubuntu Software Center didn't install the Citrix receiver, so you had to download it, now install it as follows:
5. Add more SSL certificates
By default, Citrix Receiver only trusts a few root CA certificates, which causes connections to many Citrix servers to fail with an SSL error. The 'ca-certificates' package (already installed on most Ubuntu systems) provides additional CA certificates in /usr/share/ca-certificates/mozilla/ that can be conveniently added to Citrix Receiver to avoid these errors:
6. Configure Citrix Receiver
Run:
To map drives (to allow access to files on your local Ubuntu machine via a share drive in the remote Windows session), see the 'File Access' tab.
7. (64-bit only) Fix Firefox plugin installation
Run:
Starting with Citrix Receiver 13.1, the 64-bit version of Citrix Receiver switched from a 32-bit plugin (using nspluginwrapper to allow it to run within a 64-bit browser) to a native 64-bit plugin. However, the install script still configures the plugin to run within nspluginwrapper, which doesn't work with a 64-bit plugin. The above will reconfigure the plugin to run without nspluginwrapper.
8. Configure Firefox
In Firefox, go to Tools -> Add-ons -> Plugins, and make sure the 'Citrix Receiver for Linux' plugin is set to 'Always Activate'.
Starting in Firefox 32, plugins are set to 'Ask to Activate' by default, but for some reason the activation prompt is never displayed for the Citrix Receiver plugin, so the plugin will not work unless it is set to 'Always Activate'.
9. Configure Chrome/Chromium
To use Citrix Receiver in Chrome and/or Chromium, run:
If you are running KDE 4.10 or later: In System Settings, make sure GTK is set to a theme other than Oxygen. The Oxygen theme seems to cause the Citrix Receiver to constantly crash when trying to launch fullscreen applications (such as Terminal Servers or VDI).
Some people have experienced problems with Citrix Receiver 13.0 showing only random fragments of windows. It is not clear if this is a bug in the graphics library that Citrix has adopted with this version and/or its interaction with certain Citrix server configurations. If you experience this, you are likely to have better success with version 12.1, see CitrixICAClientHowToOlderVersions. The behavior of Citrix Receiver 13.1 for the affected people has not yet been determined.
Sometimes the Citrix client will not go full-screen with Unity. The Unity launcher and status bar will still be visible, and the Citrix mouse will be in a slightly different position than the client mouse. This can be fixed enabling legacy fullscreen in compizconfig-settings-manager. It is in 'advanced search' then 'Plugin: workarounds', then second on the list.
- You can exit from the FULL SCREEN mode (in Unity) by pressing Ctrl+F2 followed by Ctrl+Super+Arrow_Down.
- You can prevent Citrix from starting FULL SCREEN by opening a terminal (Ctrl+Alt+T), gedit ~/.ICAClient/All_Regions.ini and setting DesiredHRES=1366 and DesiredVRES=768 for example.
You can solve keyboard layout problems looking for your keyboard layout in http://support.citrix.com/proddocs/topic/receivers-java-101/java-parameters-keyboard-layouts.html and updating KeyboardLayout value in ~/.ICAClient/wfclient.ini`
There is a bug in Citrix Receiver 13.1.0.285639, that the receiver can not be started from unity. The problem is a missing hash in a parameter, as a workaround it can be fixed by executing the follwing command. The problem and and solution are also described here: http://discussions.citrix.com/topic/358076-deb-package-uses-icaroot-instead-of-icaroot-spelling-error/#entry1844542
How To Add Citrix Receiver To Chrome
CategorySystemCategoryNetworkingCategoryEnterprise