Forum Discussion
NimbostratusCitrix VDI, SSO credential caching issue - 11.5.1 build 7.0.167
Hi All,
I would like some adive on the following. We publish our storefront server behind F5 APM. A user logs on to a custom logon page, credentials are cached, and used for SSO into the citrix environment. So far no problems here.
Issue:
A user logon on from an available thin client. After a while, the user leaves this desk, for a few hours. The flex working principals, say any other user can use that desk and thin client after say 30 minutes. Citrix expires the storefront session after 3 minutes. It displays that the session has timed-out, and the user needs to logon again. After clicking the logon button, the cached credentials from the previous user are beiing used. this poses a security threat.
Is there a way to expire the session credentials after a certain amount of time? Any other suggestions are welcom to solve this,
thanks Sander
3 Replies
Michael_Koyfma1Cirrus
It sounds like your APM session is not timing out. Change the access policy inactivity timeout to be 3 mins and the policy should terminate and ask the user to authenticate again.
Sander_-_PortaaHI Michael,
Changed the setting to 30 secs just to test, no luck. Store front page is still displayed, and when pressing the logon button, storefront uses the SSO data to sign in again.
thanks Sander
- Michael_Koyfma1In that case, you might want to open a support case to investigate - idle timeout in the APM policy should terminate your session and prevent this from happening - so it is most likely a misconfiguration somewhere. Also, as a side note, you are running a pretty old version of code. For Citrix deployments in general, we currently highly recommend 11.6.0 HF5 or higher.
