Citrix StoreFront logon process

Once the user enters the credentials the authentication service of StoreFront fetches the user credentials and validates them with a domain controller. So the StoreFront servers must reside either within the Active Directory domain containing the user accounts or within a domain that has a trust relationship with the user accounts domain.

StoreFront checks the Datastore for existing user subscriptions and stores them in memory.

The Web Interface / StoreFront forwards the user credentials as part of a XML query to the backend systems, such as XenApp, XenDesktop, App Controller or VDI-in-a-Box sequentially.

The Citrix Delivery Controller validates the user credentials with a domain controller and checks which resources have been published to the user within its database.

The Citrix Delivery Controller sends an XML response to Web Interface / StoreFront which contains all resources available for the user from the Citrix site.

StoreFront sends the list of available resources and the existing subscriptions to the Citrix Receiver installed locally or displays them in Receiver for Web and the user can access the resource.

StoreFront 2.5 supports parallel resource enumeration. When enabled, StoreFront sends out enumeration requests to all farms/sites at the same time and aggregates responses when all farms/sites have responded. This should provide faster responses to user queries when aggregating multiple farms/sites. If explicit Active Directory credentials are used to authenticate users, StoreFront sends user credentials to the XenApp farms/XenDesktop sites. To minimize the risk of user accounts being locked out as a result of parallel enumeration, StoreFront validates user credentials with Active Directory immediately before sending out enumeration requests.

When user clicks on an application or desktop icon to launch it in Citrix website, a spinner is displayed and any clicks on the same icon are ignored while the spinner is spinning. Hence user cannot unintentionally launch multiple instances of the same application/desktop. The default time period for the spinner is fixed for three seconds and can be changed by editing custom.script.js in the contrib folder under the Receiver for Web site.

About Murugan B Iyyappan

Working as a Consultant - Citrix solutions architect with 18 years of experience in the IT industry. Expertise in Citrix products and Windows platform.

View all posts by Murugan B Iyyappan →

4 Responses to Citrix StoreFront logon process

Pranav says:

November 1, 2015 at 11:35 am

Hi Murugan, thanks for all the information given above. But still it is somehow unclear to me that what exact difference is there between storefront and web interface? As per my understanding there is only difference that Storefront will directly query Active directory for authenticating user login details and web console will send them to controller and it will reach AD for authentication?

Please correct me if I am wrong.

- Murugan B Iyyappan says:
  
  November 30, 2015 at 10:36 pm
  
  The SF has the capability to verify user credential with AD, but WI doesn’t. WI is built with Java and SF is based on Dot Net technology
  
Rahul says:

November 30, 2015 at 11:28 am

Hi,
Any reason why there are 2 times authentication taking place.. “The authentication service of StoreFront fetches the user credentials and validates them with a domain controller” Again in the “xendesktop controller validates the user credentials with the domain controller”.
Any reason behind this?

Thanks,

- Murugan B Iyyappan says:
  
  November 30, 2015 at 10:12 pm
  
  Hi Rahul, SF checks the credential and display the apps to which user is subscribed for. XD check with the AD for the group and policies to be applied before launching the application.
  Thanks