1. In Chrome, go to Settings > Show advanced settings > Privacy and clear browsing data from "the beginning of time", then exit Chrome and re-run it.

2. Access the NetScaler Access Gateway URL in Chrome and log in with user credentials. You should get the “Detect Receiver” page.

3. Click the “Detect Receiver” button and wait; you should see the Chrome “External Protocol Request” dialog window pop up.
Note: Verify the URL receiver:///Citrix/…, and verify the client machine can resolve the AG FQDN to the correct IP address.

4. Click the “Launch Application” button. The expected output is “Just a moment, we’re detecting if…”, followed by an automatic redirect to the Storefront resource enumeration page with resources listed, or to the Storefront login page (you might need to re-enter the user credentials and click the “Logon” button).
If the “Just a moment, we’re detecting if…” webpage doesn’t automatically redirect to the enumeration/login page of Storefront, click the “Detect again” button to try again.
If the “Just a moment, we’re detecting if…” webpage doesn't redirect to the Storefront web page, it means the configuration for Citrix WebHelper invoked mode failed. In this situation, the user can click “Already installed” to continue, and Chrome will work in Citrix WebHelper NOT invoked mode.

5. In the Storefront resource enumeration page, click an application icon. If the “External Protocol Request” dialog window pops up, it indicates Chrome is working in WebHelper.exe invoked mode. Otherwise, it will work in non-invoked mode, where it will download the ICA file for the resource.

6. Check "Remember my choice" to avoid the repeated External Protocol Request popup and click the “Launch Application” button; the application should be launched by Receiver successfully even with CST enabled.

Connect via Citrix Gateway even for internal connections. This would ensure connections work fine regardless of Virtual Apps or Desktops versions.

Deploy SSL/TLS for each Virtual Delivery Agent (VDA) for direct connections. Workspace App for HTML5 supports secure direct SSL/TLS connections with XenApp/XenDesktop 7.6. Read the following articles from the Citrix Blog for more information:
XenApp and XenDesktop 7.6 Security: FIPS 140-2 and SSL to VDA
How To Secure ICA Connections in XenApp and XenDesktop 7.6 using SSL

There is a possible workaround for the Mozilla Firefox browser.

Note: This workaround has security implications; consult the security specialist of your organization to consider the following configuration.
Enforce secure communications between Workspace App for HTML5 and applications or desktops (for example, using IPSec).
Use Mozilla Firefox only for Citrix Receiver for HTML5 (not for general website use).
Enforce a secure configuration for Firefox.
Enable the Firefox option.

If the preceding configuration is consistent with the security policy of your organization, an administrator can enable launching applications or desktops using the following steps:
Double-click and set the value to true.

Note: This Firefox option might not be supported in Citrix Receiver for HTML5 future versions (v26 and later).

WARNING! This option on Firefox affects the operation of all of Firefox, not just Citrix Receiver for HTML5.

Important Note
As of version 9, Safari browser allows insecure web socket connections.
Internet Explorer never allowed non SSL/TLS web socket connections from HTTPS websites.
Chrome used to allow it behind a flag, but after the Chrome 44 update, this is no longer supported.
Firefox allows it behind a flag (as explained earlier in this article), but it is not recommended.
Going forward, only secure (SSL/TLS) web socket connections can be made from Receiver for HTML5.

When Workspace App for HTML5 is hosted on an HTTPS site (default and recommended), non SSL/TLS websocket connections are prohibited by browsers.

In explaining the technical reason behind this, it is important to understand the following two principles:

1. As opposed to existing as a separate process, Citrix Workspace App for HTML5 operates within the frame and process space of the browser itself. As such, the browser has the ability to enforce certain security parameters.

2. Additionally, when any Workspace App for Windows makes a connection to a VDA for either a published desktop or app, the underlying connection is made to the VDA and not the Storefront server as any kind of intermediate proxy. This second point is less obvious in the case of Citrix Workspace App for HTML5 because the published desktop or application displays within the browser frame and “appears” to be connected via the Storefront server. Despite this appearance though, the underlying TCP/UDP connection is still between the client and the VDA.

If the Storefront base URL is SSL enabled (where it begins with https, as is best practice) and the VDA is not SSL enabled (which it is not by default), the browser in this case will prevent the connection due to what it sees as an underlying inconsistency.