Question

Let me preface this question by saying I don't know if this is possible and also I do not know the best way of going about doing this if it is possible.

What I want to see if I can do is somehow grab the current Active Directory credentials from a Windows machine and then use them to log into another application. That application is XenDesktop (Citrix virtual desktop).

The credentials that Citrix takes are the same as Active Directory. I wanted to maybe develop a way so they would not have to log in twice, once to the box and then once into Citrix.

My first thought would be to develop a web application. If the user navigates to my application it could grab the current AD creds and then pass them easily to Citrix.

Any help on shedding light on this issue would be greatly appreciated.

Solution

Yes, this should be possible using Citrix's single sign-on. Without knowing everything about your environment, it is difficult to tell you the exact steps you need to take. But you will need to enable SSO on both the desktop and server side.

The enterprise version of Citrix Receiver installs SSO components by default. This component installs a GINA DLL on the workstation which intercepts the user credentials when they log in, unlock the computer, etc. You have to enable this functionality by setting some registry values in:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Logon\Local Credentials

Similar to:

EnableSSOnThruICAFile=true
LegacyLocalUserNameAndPassword=*
SSOnCredentialType=Any,NT,NDS
SSOnUserSetting=true
UseLocalUserAndPassword=true

This tells Citrix Receiver that it's OK to capture Windows credentials and pass them through to XenApp.

You can then create an .ICA file to launch the Citrix desktop, but you don't have to worry about scripting anything or passing credentials. They will be passed for you. You just have to make sure that SSO is enabled in the .ICA file as well. In the [WFClient] section add:

UseLocalUserAndPassword=On
SSOnUserSetting=On
EnableSSOnThruICAFile=On

Plus whatever other ICA settings you'll need to launch the desktop. Double-clicking this .ICA will then start the desktop with the passed through credentials.
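
The three [WFClient] settings listed above can be checked before an .ICA file is handed to users. The following Python function is an added example, not part of the original answer or of any Citrix tooling; the function name, the sample file contents, and the assumption that only the value On counts as enabled are illustrative.

```python
import configparser

# The three [WFClient] settings the answer lists for credential pass-through.
REQUIRED_SSO_KEYS = ("UseLocalUserAndPassword", "SSOnUserSetting", "EnableSSOnThruICAFile")

# Constructed sample .ICA content (not from a real deployment).
SAMPLE_ICA = """\
[WFClient]
Version=2
UseLocalUserAndPassword=On
SSOnUserSetting=Off

[ApplicationServers]
Desktop=
"""


def check_ica_sso(ica_text):
    """Return {setting: problem} for every required SSO setting that is missing
    or not On in [WFClient]; an empty dict means all three are enabled."""
    # .ICA files are INI-style. Split on '=' only, keep '%' literal, and
    # tolerate repeated keys (the last occurrence wins).
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",), allow_no_value=True
    )
    try:
        parser.read_string(ica_text.lstrip("\ufeff"))  # drop a UTF-8 BOM if present
    except configparser.Error as exc:
        return {key: f"file not parseable: {type(exc).__name__}" for key in REQUIRED_SSO_KEYS}

    # Section names are case-sensitive in configparser, so match by hand.
    section = next((s for s in parser.sections() if s.lower() == "wfclient"), None)
    problems = {}
    for key in REQUIRED_SSO_KEYS:
        if section is None:
            problems[key] = "no [WFClient] section"
            continue
        # Option names are lower-cased by configparser, so lookup is case-insensitive.
        value = parser.get(section, key, fallback=None)
        if value is None:
            problems[key] = "missing"
        elif value.strip().lower() != "on":  # assumption: only On counts as enabled
            problems[key] = f"set to {value.strip()!r}, expected On"
    return problems


if __name__ == "__main__":
    for setting, problem in check_ica_sso(SAMPLE_ICA).items():
        print(f"{setting}: {problem}")
```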

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow