In this scenario, Citrix Receiver 13.1 or newer is required. The root certificate of the web server certificate used by the StoreFront server has to be known as the trusted root certificate on the thin client - see Deploying Trusted Root Certificates, Certificate Type SSL Certificate.

  1. Choose StoreFront as Citrix server type under Sessions > Citrix XenDesktop/XenApp > Citrix StoreFront/Web Interface > Server.
  2. Specify the Server Location.

  3. Choose Smartcard authentication as Authentication type under Sessions > Citrix XenDesktop/XenApp > Citrix StoreFront/Web Interface > Login.

    When used in combination with Active Directory Logon the enabled Use Passthrough authentication activates single sign-on with smartcard.
  4. Select the appropriate PKCS#11 module for the smartcard Security > Smartcard > Middleware.
    • Gemalto/SafeNet eToken
    • cryptovision sc/interface
    • Gemalto IDPrime
    • Athena IDProtect
    • A.E.T. SafeSign
    • Secmaker Net iD
    • Custom PKCS#11 module. See here also Using a Custom PKCS#11 Library.