In this scenario, Citrix Receiver 13.1 or newer is required. The root certificate of the web server certificate used by the StoreFront server has to be known as the trusted root certificate on the thin client (- see How-To Deploying Trusted Root Certificates, Certificate Type SSL Certificate).

  1. Choose Storefront as Citrix server type under Sessions > Citrix XenDesktop/XenApp > Citrix StoreFront/WebInterface > Server.
  2. Specify the Server Location.

    Server Location

  3. Choose Smartcard authentication as Authentication type under Sessions > Citrix XenDesktop/XenApp > Citrix StoreFront/WebInterface > Logon.

    Authentication type


    When used in combination with Active Directory Logon the enabled Use Passthrough authentication activates single sign on with smartcard.


  4. Select the appropriate PKCS#11 module for the smartcard Security > Smartcard > Middleware.
    • Gemalto/SafeNet eToken
    • cryptovision sc/interface
    • Gemalto IDPrime
    • Athena IDProtect
    • A.E.T. SafeSign
    • Secmaker Net iD
    • Custom PKCS#11 Module

    For the CoolKey cryptographic library, plesae refer to the FAQ Using a Custom PKCS#11 Library.