SAML with limit visibility on the application on the Delivery Controller using a Security Group
Article ID: CTX227760
Description
- When a new application is published in a Delivery Group that uses SAML, and Limit Visibility on the application is set to an Active Directory security group, the application icon does not enumerate.
- The application does enumerate when accessed through the StoreFront server.
- If the user is added explicitly to the application's visibility list, application enumeration works.
Environment
Caution! Using Registry Editor incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.
Resolution
- On the StoreFront server:
- Open the Registry Editor.
- Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\
- Create a new DWORD value named "CacheS4UTickets" and set its decimal value to 0 to disable S4U ticket caching.
- Reset IIS.
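The same steps as a script, for use on the StoreFront server from an elevated PowerShell session. This is an added example, not part of the original Citrix article. The backup folder `C:\Temp` and the use of `iisreset.exe` for the "Reset IIS" step are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: applies the CacheS4UTickets change described in the steps above.

$regKey    = 'HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'
$keyPath   = "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters"
$valueName = 'CacheS4UTickets'
$backupDir = 'C:\Temp'   # assumption: any writable folder will do
$backup    = Join-Path $backupDir ("Kerberos-Parameters-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))

if (Test-Path $keyPath) {
    # Back up the key before editing, as the article's caution advises.
    New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
    & reg.exe export $regKey $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Registry backup failed; no changes were made." }
    Write-Output "Backup written to $backup"
} else {
    # The Parameters key is absent on this server, so there is nothing to back up.
    New-Item -Path $keyPath -Force | Out-Null
}

# Record the previous state so the change can be reverted by hand if needed.
$before = (Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue).$valueName
if ($null -eq $before) { $before = '<not set>' }

# -Force creates the DWORD or overwrites an existing one; 0 disables the caching.
New-ItemProperty -Path $keyPath -Name $valueName -PropertyType DWord -Value 0 -Force | Out-Null

# Read the value back and confirm it before restarting anything.
$after = (Get-ItemProperty -Path $keyPath -Name $valueName).$valueName
if ($after -ne 0) { throw "$valueName is $after, expected 0." }
Write-Output "${valueName}: $before -> $after"

# Restart IIS so the StoreFront services run with the new setting.
& iisreset.exe
if ($LASTEXITCODE -ne 0) { throw "iisreset failed with exit code $LASTEXITCODE." }
```

To revert, import the exported `.reg` file or delete the `CacheS4UTickets` value, then reset IIS again.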
Problem Cause
- The results of XML Service SID enumeration might be cached because of Kerberos ticket caching, which delays changes to users' group memberships being reflected in their available published resources. By default, the duration of this caching is 15 minutes.