Jump to content


Photo

Password field states "disabled by Admin" on Citrix Receiver

Started by JOHN WALSH , 08 April 2010 - 08:08 PM
15 replies to this topic

Best Answer Scott McDonald , 08 April 2010 - 08:37 PM

Hi John, this setting is on the XenApp Services site, highlight the config.xml and then select configure authentication methods, then highlight "Explicit" and click on properties, then select Password Settings - Allow Users to save password will be disabled by default.

JOHN WALSH Members

JOHN WALSH
  • 34 posts

Posted 08 April 2010 - 08:08 PM

Hi,
I was able to successfully configure our company iphones to work with our Citrix environment, tying them into our AGEE environment. The Receiver allows you to save the name and password. When i sign in the first time I receive a message stating that the admin has disabled the savings of the password and now when i check the settings under teh reciever the password field states "Disabled by admin". I poked around and couldnt find a setting that dictates this. We use a radius policy for authentication. Anyone have a suggestion on where this setting may be?



Scott McDonald Citrix Employees

Scott McDonald
  • 1,837 posts

Posted 08 April 2010 - 08:37 PM

Hi John, this setting is on the XenApp Services site, highlight the config.xml and then select configure authentication methods, then highlight "Explicit" and click on properties, then select Password Settings - Allow Users to save password will be disabled by default.


Best Answer

JOHN WALSH Members

JOHN WALSH
  • 34 posts

Posted 08 April 2010 - 08:39 PM

Why am i Paying for citrix support when I have such knowledgeable Support forum experts!? Thanks Scott, that was exaclty it!



JOHN WALSH Members

JOHN WALSH
  • 34 posts

Posted 08 April 2010 - 08:49 PM

Oops i take that Back. I changed the setting to allow for passwords then i had to create a new receiver entry since when i signed in it still said it was disabled. the new site once i signed in popped up that the admin blocked the saving of the password on the new one! The site is set to Prompt (Default)



Scott McDonald Citrix Employees

Scott McDonald
  • 1,837 posts

Posted 08 April 2010 - 10:07 PM

Odd. It should honor the changes to the site as soon as it re-reads the config.xml - you'll have to exit the Receiver and restart it.

I just tested it on my system, I disabled the "Allow user to save password" - clicked ok and ok until I was back to the main AMC screen (no popup menus open)
Reloaded that connection on my iPod - logged in, warned admin disabled the saving.
Exited Receiver.
Re-enabled allow to save password in the PNAgent site - clicked on ok, and ok again back to the main AMC menu.

Relaunched Receiver, selected the connection and I was prompted for password, then after I got my applist was shown that the policy had been changed and if i wanted to save my password (see attachment)

Attached Files



Terry Anderson Members

Terry Anderson
  • 1,522 posts

Posted 09 April 2010 - 12:53 AM

I just verified that changing this setting will allow password saves, although in a production environment I don't think I would ever allow this.

If I let users save their passwords, I have no way to enforce any type of authentication/PIN on the IPad itself. Therefore, unless the user has set a PIN on the device, when (not if) a user misplaces his IPad, whoever finds it will have unauthenticated access to my infrastructure under the credentials of the user whose password is saved if they are smart enough to move a slider on the screen. I don't know many corporate security policies that would ever allow this ;)

Edited by: Terry Anderson on Apr 8, 2010 7:53 PM


Helpful Answer

Scott McDonald Citrix Employees

Scott McDonald
  • 1,837 posts

Posted 09 April 2010 - 01:22 AM

Terry, that's a very good point. The first release of the Receiver for iPad ignored the setting in PNAgent sites and allowed the user to save the password even if the admin disabled it, this was changed for obvious reasons :)


Helpful Answer

JOHN WALSH Members

JOHN WALSH
  • 34 posts

Posted 09 April 2010 - 02:37 AM

Scott,
I think i just needed to wait a moment, i checked it again and i received the message about the password save. You guys make valid points though. For production its too much of a security risk to leave this checked. Thanks for your help!



Michael Chung Members

Michael Chung
  • 36 posts

Posted 20 May 2010 - 02:27 PM

I am using Xenap6 with AG.

Why I cannot find "Explicit" in the XenApp Services site?

I am using gateway direct setting in the site.



Scott McDonald Citrix Employees
  • #10

Scott McDonald
  • 1,837 posts

Posted 20 May 2010 - 06:24 PM

Michael, this should be available by selecting the config.xml file, then manage authentication methods.



Michael Chung Members
  • #11

Michael Chung
  • 36 posts

Posted 21 May 2010 - 02:50 AM

Sorry, I cannot find config.xml in Web Interface. I think the layout changed in XenApp6 WI.



Scott McDonald Citrix Employees
  • #12

Scott McDonald
  • 1,837 posts

Posted 21 May 2010 - 05:08 PM

Michael, on 5.3 you're correct, the config.xml doesn't show in the Web Console.
You need to highlight your XenApp services site, select manage authentication methods, then go to the properties for Prompt, then password settings. See the screenshot attached.

Attached Files



Donald Petry III Members
  • #13

Donald Petry III
  • 669 posts

Posted 15 July 2010 - 07:32 PM

We experienced this issue with an additional symptom that recently began occurring: Users could only login ONCE. They would have to delete their profile and recreate it each time.

I believe that our use of Two Factor (RSA + Domain) is a key variable in this issue.

Changing the "don't save password" setting cleared the issue.



Scott McDonald Citrix Employees
  • #14

Scott McDonald
  • 1,837 posts

Posted 16 July 2010 - 06:28 PM

Donald - if they were seeing an issue after upgrading to iOS 4 with the password dialog box being non-functional, this will be addressed in the update to the Receiver for iPhone that should be available soon.



Xavier Lopez Pulido Members
  • #15

Xavier Lopez Pulido
  • 11 posts

Posted 07 February 2013 - 11:53 AM

Hi, Scott.

I'm having the same issue on ipad/iphone. But I have a Storefront 1.2 instead of Web Interface. How could I do the same?

Your comment will be greatly appreciated

Thanks in advance.

Xavier



Gabriele Pallassini Members
  • #16

Gabriele Pallassini
  • 48 posts

Posted 20 February 2013 - 11:21 AM

the same question...with Storefront Services instead legacy PNA?
Where is this option?