Users prompted for the message "Please close your browser to protect your account"


Article ID: CTX227673


Description

When StoreFront is used with SAML or smart card authentication, an error is displayed if the user tries to log back in after logging off or after the session times out.

With smart card authentication, the error is:

You cannot log on using a smart card

Please close your browser to protect your account

With SAML authentication, the error is:

You cannot log on at this time.
Please close your browser to protect your account

Resolution

It is recommended that users close their browser after logging off from a smart card or SAML session.

For smart card, this is because the browser may cache the token or PIN.

For SAML, this is because logging out of StoreFront does not perform a single log out with the SAML provider, so the user may still have an active session there.

In either case, if the user were allowed to go back to the log in screen, they might be logged in automatically with the cached information.

If you have verified that your smart card or third-party IdP session has not been cached and you want users to be able to log back in without closing their browser, you can modify StoreFront to allow this. This change is not supported or recommended due to the security implications.

Solution 1: Add the setting "CTXS.allowReloginWithoutBrowserClose = true"

  1. On the StoreFront server, go to C:\inetpub\wwwroot\Citrix\<StoreName>Web\custom.
  2. Right-click script.js and add the content below to the end of the file.
    • CTXS.allowReloginWithoutBrowserClose = true
  3. Save the file.
  4. Run the command "iisreset".


Solution 2: Applies to ADC scenario only

  1. On the ADC server, go to /var/netscaler/logon/LogonPoint/custom/script.js
  2. Right-click script.js and add the content below to the end of the file.
    • CTXS.allowReloginWithoutBrowserClose = true
  3. Save the file.

Problem Cause

This behavior is by design, as per security guidelines.
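
Because the override in Solution 1 removes a protection that is on by default, it is worth checking which sites have it set. The following PowerShell audit is an added example, not Citrix code: it scans each `<StoreName>Web\custom\script.js` under the path given in Solution 1 and reports sites where the setting is active. The function names, the `-CitrixRoot` parameter and the comment-stripping approach are assumptions of this example, and the ADC file from Solution 2 is not covered.

```powershell
# Added audit example (not Citrix code). Reports StoreFront web sites whose
# custom\script.js enables CTXS.allowReloginWithoutBrowserClose.
# Assumption: sites live under the path given in Solution 1 of this article.
param(
    [string]$CitrixRoot = 'C:\inetpub\wwwroot\Citrix'
)

# An assignment to true anywhere in the (comment-stripped) script.
$pattern = '\bCTXS\.allowReloginWithoutBrowserClose\s*=\s*true\b'

function Remove-JsComments {
    param([string]$Text)
    # Drop /* ... */ blocks, then // line comments, so a commented-out override
    # is not reported as active. Simplification: string literals are not parsed.
    $noBlock = [regex]::Replace($Text, '/\*.*?\*/', '', 'Singleline')
    return [regex]::Replace($noBlock, '//[^\r\n]*', '')
}

function Test-ReloginOverride {
    param([string]$Path)
    $code = Remove-JsComments -Text (Get-Content -LiteralPath $Path -Raw)
    return [regex]::IsMatch($code, $pattern)
}

$results = Get-ChildItem -Path $CitrixRoot -Directory -Filter '*Web' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $script = Join-Path $_.FullName 'custom\script.js'
        if (Test-Path -LiteralPath $script) {
            [pscustomobject]@{
                Site            = $_.Name
                ScriptPath      = $script
                OverrideEnabled = Test-ReloginOverride -Path $script
                LastModified    = (Get-Item -LiteralPath $script).LastWriteTime
            }
        }
    }

$results | Format-Table -AutoSize

# A non-zero exit code lets a scheduled compliance job flag the finding.
if ($results | Where-Object OverrideEnabled) { exit 1 }
```

The `LastModified` column helps correlate an enabled override with a change record, since edits to script.js are made by hand.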