Smart Card Key Containers Cached on Citrix


I am trying to use smart cards over a Citrix XenApp connection. In the case that there are multiple certificates in the personal certificate store after the certificate propagation service pulls the certificate off of the smart card, I need to identify the certificate belonging to the smart card that is currently inserted. I'm currently using a solution based on the answer to this question, in which I check the public keys of the containers I can see through CryptGetProvParam, and cross-reference those keys against the certificates I have shortlisted.

The problem that I am having is that, only through XenApp, the list of containers obtained through CryptGetProvParam is always the list of containers from the first smart card seen during the current XenApp session. No matter how many times I switch cards, the list of containers is the same. Interestingly, the list of containers will not load while no card is inserted, and certificate propagation still pulls the correct certificates off the new smart cards that get inserted. My application can expect to be used by multiple users in a single XenApp session, who remove their smart cards when they are done to log out and then the next user inserts their card to log in and start their workflows. This means that, when we get the list of containers to try and choose which certificate to use for login, we get a list belonging to the first card, and so the system tries to use the first user's certificate, even if that certificate and/or card are no longer present.

So far I've tried several different versions of Citrix Receiver, and nothing on Citrix Server seems to be the problem. This issue does not present over XenDesktop, RDP, VM, or on base machines; only XenApp is affected. Are there any known issues in this area?
