Jump to content
Updated Privacy Statement
  • 0

Passing SAML Cookie to Chrome Workspace App on chromebook

Marvin Sevenhoven

Asked by Marvin Sevenhoven,

Question

Marvin Sevenhoven Newbie

Marvin Sevenhoven

Posted
Posted

Hi there,

 

I've been following the following guides to try and get the SAML cookie to work within the Workspace App on a chromebook ( the web-store version)

 

https://docs.citrix.com/en-us/citrix-workspace-app-for-chrome/configure.html#configuring-single-sign-on-sson-with-google-and-citrix-using-saml-authentication

https://chrome.google.com/webstore/detail/saml-sso-for-chrome-apps/aoggjnmghgmcllfenalipjhmooomfdce

 

However I'm starting to run into issues when launching the citrix workspace app. It works till a certain point. ill describe the process t

 

  1. The chromebook is started
  2. Chromebook tells me its managed by my company, and offer me to log in
  3. i get redirected to the login screen of my SAML idp  ( helloid)
  4. i log in, get redirected back and logged in. 
  5. i get presented with my desktop screen, with the citrix app pinned to my taskbar.
  6. I open the citrix receiver app. the configuration tells it to directly connect to the storefront since it can reach the internal beacon
  7. storefront redirects me to my SAML IDP.
    --- so far so good ---
  8. SAML IDP supplies me a login screen  

 

step 8 is not supposed to happen. When the app redirects me to the SAML provider, it should have access to my cookie and thus I should be logged in, and redirected to the storefront with a SAML envelope. In the guide it is explained that you should use the "SAML SSO for chrome apps"  extension to make sure the citrix workspace app has access to the cookies for the SAML provider. However, this doesn't seem to work.

 

If after step 5, i open a chrome browser instead and visit the storefront endpoint manually, everything works as intended. The storefront redirects me to my SAML idp, it has access to the cookie, will log me in automatically and redirect me back.

 

Unfortunately the citrix Workspace app doesn't provide logging about cookies, so all i see is the storefront redirecting to the website of the saml IDP which in turn redirects me to it's login form.

 

Is there any extra steps i can take towards debugging this? or can someone verify me that this guide still up-to-date and working?

Link to comment

6 answers to this question

Recommended Posts

  • 0
Marvin Sevenhoven Newbie

Marvin Sevenhoven

Posted
  • Author
Posted

Another progress report on the debugging...

I have been using the chrome debugger on the SAML SSO extension to see if it works properly. It works as expected and does supply the correct cookies in the calback towards de Citrix Workspace app. So it looks like the issue stated above isn't relevant.

 

Is there any way i can inspect the web-requests sent by the app to check if the correct cookies are supplied towards the SAML idP?

Link to comment
  • 0
Marvin Sevenhoven Newbie

Marvin Sevenhoven

Posted
  • Author
Posted

I found the cause i think.

 

image.thumb.png.dbb92854ec95668b98c9bc5aed22bd50.png

 

Since chrome 72, it is no longer allowed to set cookies in the "onHeadersReceived" event of a webview  request in chrome apps. This technique is used by the "Citrix Workspace"  app to set the cookies received from the "SAML SSO for chrome apps"  extension and to supply them to the webview. However, since this no longer works, the cookies don't actually get supplied. Causing the method explained in the documentation to no longer work since chrome version 72.

 

Ultimately, it comes down to it that Citrix Workspace app is unable to set the cookies in the webview.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go to question listing

© Cloud Software Group, Inc. All rights reserved.

×
×
  • Create New...