Architecting, installing and maintaining your SAS environment

IWA in a Citrix XenApp Streaming environment

Accepted Solution Solved
Reply
Super Contributor
Posts: 441
Accepted Solution

IWA in a Citrix XenApp Streaming environment

Hi all,

We are in the process of deploying SAS 9.3M2 clients in our Citrix streaming environment. Users can start their SAS clients (EG, SMC, DIS, ...) from a browser portal. This works OK but we cannot get Kerberos based IWA to work in all situations. The browser portal defaults to so-called Pass-through Authentication where the user's current Windows authentication is passed to the client. IWA however does not work in that scenario. If I use the other option called Explicit Authentication I am prompted for account name and password it does work. This is however not very useful as most users have smartcard or Securid tokens and no passwords.

I have concluded that in the pass-through situation no ticket granting ticket (TGT) is present in the streamed session. This apparently disables SAS' ability to use IWA. When explicit authentication is used a TGT is present and IWA works. I am now in the traditional catch between software provider and our IT support people who are both arguing the opposite party has to do things to make it work. I tend to believe SAS but cannot substantiate that enough.

Did anyone manage to get this working or can tell me it never will? Any ideas?

Regards, Jan.

PS: I was told the official SAS support policy on streaming presentation technology has been relaxed and SAS will now work with the customer to resolve issues involving this technology. We have a track open with SAS support but I think an inquiry within the community can still help.


Accepted Solutions
Solution
‎09-01-2014 11:28 AM
Super Contributor
Posts: 441

Re: IWA in a Citrix XenApp Streaming environment

Posted in reply to jklaverstijn

Hi me,

Just a quick self-reply to put this behind me. Since this the company has moved to what's called XenApp-as-a-service (XaaS) and we moved up to SAS 9.4M1. Another attempt was made to get it running and lo and behold it worked straight from the bat. Do keep in mind that the SPN's must exist and match for both hostnames AND dsn aliasses. Only then SAS will guess the proper SPN and the user needs not enter the SPN in the advanced tab of the logon dialog.

- Jan

View solution in original post


All Replies
Solution
‎09-01-2014 11:28 AM
Super Contributor
Posts: 441

Re: IWA in a Citrix XenApp Streaming environment

Posted in reply to jklaverstijn

Hi me,

Just a quick self-reply to put this behind me. Since this the company has moved to what's called XenApp-as-a-service (XaaS) and we moved up to SAS 9.4M1. Another attempt was made to get it running and lo and behold it worked straight from the bat. Do keep in mind that the SPN's must exist and match for both hostnames AND dsn aliasses. Only then SAS will guess the proper SPN and the user needs not enter the SPN in the advanced tab of the logon dialog.

- Jan

🔒 This topic is solved and locked.

Need further help from the community? Please ask a new question.

Discussion stats
  • 1 reply
  • 484 views
  • 0 likes
  • 1 in conversation