One of the most requested features for Receiver for Web is pass-through authentication for users of domain-joined client machines. This is now available in StoreFront 2.5 for Internet Explorer users.
Pass-through authentication to Receiver for Web can be enabled from the StoreFront Administration Console:
- Select the “Receiver for Web” node in the left panel.
- Select the site you want to enable pass-through authentication.
- Select the “Choose Authentication Methods” task in the right panel.
- Check the “Domain pass-through” checkbox in the popup dialog.
- Click OK.
By default, Internet Explorer only performs automatic logon for sites in the Intranet zone. Therefore, the Receiver for Web site has to be added to the Intranet zone unless you change the Internet Options.
You have to install and configure Receiver for Windows for pass-through authentication to provide users with seamless single sign-on experience. The instruction is available from http://support.citrix.com/article/CTX133982. If Receiver for Windows is not configured properly, users will be prompted for their credentials whenever they launch an application/desktop.
If multiple authentication methods (excluding Pass-through from NetScaler Gateway) are enabled for a Receiver for Web site and a user access the site for the first time, Receiver for Web presents the user with a choice, defaulting to pass-through authentication. Pass-through from NetScaler Gateway always takes precedence if NetScaler Gateway is detected.
Once the user logs on successfully, Receiver for Web remembers the user’s choice in a persistent cookie. If pass-through authentication is used, next time the user accesses the same Receiver for Web site from the same client machine. They will be logged on automatically without encountering the choice screen unless they clear their Internet Explorer cookies.
If for any reason, the user would like to change the authentication method in the subsequent login, they can do it on the logged off screen. Simply uncheck the “Remember my logon method” checkbox and click the “Log On” button. They will be taken back to the logon method choice screen.