F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Michael_Koyfma1's avatar
Michael_Koyfma1
Icon for Cirrus rankCirrus
Jun 02, 2015

There are couple of ways to handle it. If you keep Storefront, then there is no need for APM to use KDC, as StoreFront will use Gateway authentication mechanism and grab the username from APM in that call - but, of course the challenge of starting user's ICA session without password(i.e. using same KCD mechanism as what worked in 6.5) is still there - as it does not work. When APM acts as Storefront replacement, it is also capable of sending a Kerberos ticket to the DDC if needed - that has been supported since 11.4.0.

 

The culprit here though is Citrix backend infrastructure. It simply does not support/allow for the same legacy way of using Kerberos to launch XA apps in the current versions - and I have not heard of them bringing it back - although if they do, it would be very interesting and good for quite a few customers, I'd imagine.