Citrix StoreFront authentication in SSO mode

I found something extremely intriguing about StoreFront and authentication and wanted to share it with the community.

Let’s take StoreFront 3.0, although I bet it was there since beginning.

When StoreFront is configured in SSO mode you have two types of authentication:

  1. From the Internet (via NetScaler)
  2. From internal network (no NetScaler involved)

The Internet authentication is pretty straight forward. StoreFront SSO is not active and users must login the old way, with username and password.

Internet Authentication (NO SSO)

The difference can be seen when SSO authentication from internal network is being used and one specific feature is missing. Explicitly.

And apparently, there’s a reason for it.

In StoreFront’s top-right side, there’s a drop-down menu that appears when clicking the user’s name. The drop-down menu is by default populated with the Activate” and “Log Off ” options, but the Administrator can add more options there.

But where’s the “Change password…” option?

Well, I mentioned that this feature is explicitly removed when SSO is active, and the reason is very logic and I’d give lots of Kudos to Citrix for this.

The reason for the missing “Change password…” option is just one: SECURITY.

 

As mentioned by some friends at Citrix, the logic behind this is quite simple. When an user logs in to his computer and SSO is active, the option is missing in order to protect it’s password, as he might leave his PC unlocked and “a friend” could change the password from StoreFront. And because SSO is active, the “friend” would not be asked for the current password.

If you have like me, clients that need to change passwords from StoreFront, tell them to connect with the alternate login method (Username and Password) and the “Change password…” field will appear where it should be.

2016-02-08_23-02-03_Citrix Receiver - Internet Explorer

 

2016-02-08_23-02-29_Citrix Receiver - Internet Explorer

 

 

Cheers!

Advertisements
About

Victor an End User Computing Consultant. You find him most of the time on Twitter (@01004753) but also on LinkedIn evangelizing new technologies and processes that can change in good, the world we live in. Victor has expertise in Server & Client Virtualization, Client Management, GPU Virtualization, HyperConvergence and Enterprise Security

Tagged with: ,
Posted in Citrix, HowTo

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow Victor Homocea on WordPress.com
My Gravatar

Marius Sandbu

Software-defined datacenter, End user computing & cloud Architect (Microsoft MVP Azure, vExpert, Veeam Vanguard, Citrix CTA)

Trafictube.ro

cu camera pe bord

Thincomputing.net

by Michel Roth on the VDI, Desktop Virtualizaion, Application Virtualization, UEM aspects of End User Computing and Product Management

Ingmar Verheij

About Citrix, Remote Desktop, Performance, Workspace, Monitoring and more...

Carl Stalhood

Filling gaps in EUC vendor documentation

Archy.net

Don't Follow the Trend

Victor Homocea

blog.ogs.ro

Ray Heffer

Double VCDX #122 | Cloud Architect

Elvis Apostol

Calatorind prin lumi indepartate, pictez in cuvinte, lacrimi de culori.

%d bloggers like this: