Step By Step Guide to Single Sign-On to Storefront in Clientless Access Mode
While playing in my Lab with the Citrix NetScaler Unified Gateway I encountered the following problem. Within Clientless Access mode I could not access the Storefront Server. To be honest it wasn’t working at all.
Google Chrome showed me the following screen
While the Internet Explorer gave me at least an error.
Since the ICA Proxy Mode worked very well I started digging Thanks to Maik Steppeler from Citrix who helped with the last missing piece of this jigsaw! I assume you have the NetScaler Gateway & the Storefront up and running. I assume also that you have everything configured till a point where “it should be working” 😉 If not please ping me.
At first we start on the Storefront Server(s). We navigate to the web.config file within your Webstore Folder. Something like this C:\inetpub\wwwroot\Citrix\YourStoreWeb.
You will find the followings entry three times:
<add name=”X-Frame-Options” value=”deny” />
<add name=”Content-Security-Policy” value=”frame-ancestors ‘none'” />
If you are only using the Internet Explorer you have to change the Value within “<add name=”X-Frame-Options” value=”deny” />” from deny to allow. If you and your user are also using Chrome or FireFox you will also have to change <add name=”Content-Security-Policy” value=”frame-ancestors ‘none'” /> from none to self.
After editing it should look like this:
Now restart you IIS. Also make sure you enabled Remote Access in your Storefront Store.
We are now switching to the NetScaler. Within the NetScaler change to your Session Profile and enable “Single Sign-on to Web Applications” if this is not already enabled.
Go back to the Global Settings of the NetScaler Gateway and go to “Configure Domains for Clientless Access”
And under “Allow Domains” add your local Domain.
That’s it! If you now login and change to your Application section you will see your Applications published through Storefont without providing additional credentials!