Question
David Ray
We are using SAML with an external identity provider through NetScaler and StoreFront using FAS to our published desktops in XenDesktop. This is working pretty well.
Within the published desktop (pooled, random, provisioned by PVS) we have Receiver installed with SSO/Pass-through for access to a few published applications that are not in our image for one reason or another.
The scenario works fine when you log in the normal way... userid and password at StoreFront or NetScaler.
But when going in via SAML, StoreFront logs into the pub desktop VDA with a SmartCard Cert provided by FAS. This works fine... except for Receiver and the published apps. Receiver obviously has nothing to pass on to the XenApp VDA to log on. When you try you get a Server 2008 console screen in a window. You can click Switch User and log on... although the application does not actually start. I have configured StoreFront to allow SmartCard authentication but that does not fix it.
I have tried latest versions of StoreFront (3.9) and Receiver (4.8). VDAs are 7.13.
Anyone know if it is possible for this to work and if so how?
I made a nice(ish) ASCII diagram I was going to paste here, but you cannot choose a monospaced font so it looks bad. Here is a link to the ASCII diagram if you are interested. Also attached it in a text file if you are leery about clicking on links (reasonable).
Thanks,
David
FAS_SSO_Problem.txt