Web Interface 5.4 and XenApp 6.5 pass-through authentication

There is stuff about this all over the web.  After collecting a lot of data from various sources I figure I put it all together in a simple to follow set of instructions.


You configure pass-through authentication in Web Interface, but while it works through the login page, you find that you are promoted to enter credentials via the XenApp 6.5 server’s Windows 2008 R2 login screen when launching a published application.

I was able to test this with all Citrix Receivers (3.0, 3.1, 3.2)

  • Lets start with the WI settings and make sure you set you have one of your Authentication Methods to Pass-Through.  In my case, I also selected Explicit to allow users to authenticate as another account if needed.

  • Next simply install the Citrix Receiver 3.x and reboot
  • Once the system is back up, make sure the Citrix SSO service is running.

The hard part is done, unless your AD person is named Omar.

Now lets get that Citrix Client ADM imported so we can create a GPO to allow this.  In the example below I did this based on a computer policy.

  • From a computer that is installed with the Receiver client, open the Group Policy Object Editor. Click on Start > Run and enter gpedit.msc.
  • In the Group Policy Object Editor, right-click Administrative Templates.
  • Click Add/Remove Templates.
  • Browse to the C:\Program Files\Citrix\ICA Client\Configuration folder and add the icaclient.adm file.

  • Expand Computer Configuration > Administrative Templates > Citrix Components > Presentation Server Client > User Authentication.
  • On the right pane, select Local User name and password.
  • Right-click and enable the policy for pass-through authentication. This policy is applied to all users logging on to this workstation.
  • To apply GPO settings on a per-user basis, configure the settings under User Configuration. Expand User Configuration > Administrative Templates > Citrix Components.

  • Run GPupdate on the workstation to apply the policy immediately.  Since this is a Comp policy you may have to reboot.
  • Log off and log on again.
  • Check the Task Manager on the workstation to verify that the ssonsvr.exe process is running.

About CyberRuiz
Highly motivated with over 12 years experience on Citrix/VMWare/Microsoft/technologies. Exceptional communication skills and team player. CCIA – Citrix Certified Integration Architect. CCEA – Citrix Certified Enterprise Administrator. VCP – VMWare Certified Professional in ESX 2.x, VI3, VI4 MCSE – Microsoft Certified Systems Engineer

One Response to Web Interface 5.4 and XenApp 6.5 pass-through authentication

  1. Kapil says:

    So I assume Flash would work tghuroh Citrix then. That would be great. This comment made me dust off my Logmein app and sure enough, I was able to use a site with Flash via Logmein on my iPhone. I’m not sure what the difference would be between using Citrix and Logmein, except perhaps the security? I use Citrix to work at home, so the application is of course, quite different.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: