In this scenario, Citrix Receiver 13.1 or newer is required. The root certificate of the web server certificate used by the StoreFront server has to be known as the trusted root certificate on the thin client (- see How-To Deploying Trusted Root Certificates, Certificate Type SSL Certificate).
Choose Storefront as Citrix server type under Sessions > Citrix XenDesktop/XenApp > Citrix StoreFront/WebInterface > Server.
Specify the Server Location.
Choose Smartcard authentication as Authentication type under Sessions > Citrix XenDesktop/XenApp > Citrix StoreFront/WebInterface > Logon.
When used in combination with Active Directory Logon the enabled Use Passthrough authentication activates single sign on with smartcard.
Select the appropriate PKCS#11 module for the smartcard Security > Smartcard > Middleware.