When both the 'Enhanced Domain Passthrough for Single Sign-On (SSO)' and Session Watermark policies are enabled, the username displayed during login appears as 'CitrixRcgUser' instead of the actual LogonUserName.

When both the 'Enhanced Domain Passthrough for Single Sign-On (SSO)' and Session Watermark policies are enabled, the username displayed during login appears as 'CitrixRcgUser' instead of the actual LogonUserName.

book

Article ID: CTX694782

calendar_today

Updated On:

Description

When both the 'Enhanced Domain Passthrough for Single Sign-On (SSO)' and Session Watermark policies are enabled, the username displayed during login appears as 'CitrixRcgUser' instead of the actual LogonUserName.

This behavior is by design. When Enhanced Domain Passthrough for SSO is enabled, the client’s Windows logon credentials are not captured during the session launch. Instead, the VDA obtains the username and domain information after the user has logged in.

However, the watermark bitmap is generated much earlier, prior to the user logon process. As a result, the actual username is not yet available at the time the watermark is created, leading to the default display of 'CitrixRcgUser'.

Cause

Design of 'Enhanced Domain Passthrough for Single Sign-On (SSO)' and Session Watermark  features

Resolution

Citrix Engineering is aware of this behavior and is actively working on a solution, which is expected to be implemented in a future release.

Issue/Introduction

When both the 'Enhanced Domain Passthrough for Single Sign-On (SSO)' and Session Watermark policies are enabled, the username displayed during login appears as 'CitrixRcgUser' instead of the actual LogonUserName.

Additional Information

https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/policies/reference/ica-policy-settings/session-watermark-policy-setting.html

https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/domain-passthrough-for-single-sign-on.html

 

Powered by Wolken Software