Solved: Webvpn bookmark - Citrix Storefront

Cedrik · ‎07-17-2019

Hi,

I have an active/passive ASAv10 pair running 9.10(1) on which Im trying to configure a bookmark with automatic log on to our Citrix Storefront 2.6 site.

Im fairly confident I have the good POST parameters captured with Wireshark but I cannot figure out how to configure the pass-through authentication on the ASA.

I've tried various combination in an "Auto sign-on Form Submit" but here's what I got at the moment;
URL: http://domain.com/Citrix/StoreWeb
Login page URL: http://domain.com/Citrix/StoreWeb/ExplicitAuth/LoginAttempt
Landing page URL or Control ID: http://domain.com/Citrix/StoreWeb
Form parameters;
password: CSCO_WEBVPN_PRIMARY_PASSWORD
domain: domain.local
username: CSCO_WEBVPN_PRIMARY_USERNAME
LoginBtn: Log+On (also tried Log On)
StateContext: field is blank
saveCredentials: false

Has anyone been able to get this working? On my end, I do reach the log on page but nothing happens.

Cedrik · ‎06-06-2022

Hi,

It has been a while but yes, I was able to get this to work with the TAC. I left changed position since then so I don't know if it still works with more recent Storefront versions but here's what worked back then;

------------------------------

URL; yourStoreFrontURL/Citrix/StoreNameWeb/

Login page URL or Control ID/Class; control-id:loginBtn (did not test but this might be case sensitive)

Landing Page URL or Control ID; control-id:menuLogOffBtn (this is case sensitive)

Post Script; inject:if(!window.frames[0].document.getElementById("loginBtn")){var link=window.frames[0].document.getElementById("protocolhandler-detect-alreadyInstalledLink");if(link){link.click()}};

Form Parameters;

- username --> Value; CSCO_WEBVPN_USERNAME --> adapt to your environment

- password --> Value; CSCO_WEBVPN_PASSWORD --> adapt to your environment

- loginBtn --> Value; Log On (note that if your Storefront page is not in English, you need to change that accordingly)

Pre-login Page URL; https://yourStoreFrontURL/Citrix/StoreNameWeb/

Pre-login page Control ID/Class; control-class:skiplink

------------------------------

- This was for StoreFront 3.12 with XenApp 7.15 but I also tested it successfully with StoreFront 3.0 with XenApp 7.15 (Storefront 3.0 not supported with XenApp 7.15)

- The post script could be different for other XenApp versions

- The Pre-login Page URL can be in http if needed

View solution in original post

hovanics@salemhosp.com · ‎06-03-2022

Did you ever find a way to do this?

Cedrik · ‎06-06-2022

Hi,

It has been a while but yes, I was able to get this to work with the TAC. I left changed position since then so I don't know if it still works with more recent Storefront versions but here's what worked back then;

------------------------------

URL; yourStoreFrontURL/Citrix/StoreNameWeb/

Login page URL or Control ID/Class; control-id:loginBtn (did not test but this might be case sensitive)

Landing Page URL or Control ID; control-id:menuLogOffBtn (this is case sensitive)

Post Script; inject:if(!window.frames[0].document.getElementById("loginBtn")){var link=window.frames[0].document.getElementById("protocolhandler-detect-alreadyInstalledLink");if(link){link.click()}};

Form Parameters;

- username --> Value; CSCO_WEBVPN_USERNAME --> adapt to your environment

- password --> Value; CSCO_WEBVPN_PASSWORD --> adapt to your environment

- loginBtn --> Value; Log On (note that if your Storefront page is not in English, you need to change that accordingly)

Pre-login Page URL; https://yourStoreFrontURL/Citrix/StoreNameWeb/

Pre-login page Control ID/Class; control-class:skiplink

------------------------------

- This was for StoreFront 3.12 with XenApp 7.15 but I also tested it successfully with StoreFront 3.0 with XenApp 7.15 (Storefront 3.0 not supported with XenApp 7.15)

- The post script could be different for other XenApp versions

- The Pre-login Page URL can be in http if needed