IBM Support

IV31462: CUSTOMER NEEDS TO LOGIN TWICE WHEN CONNECTING VIA CITRIX THIN CLIENT

A fix is available

8.2.0-ISS-SAMESSO-AA-FP0014

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • AA 8.2
Citrix Xenapp 6.5

We are using ESSO on Windows workstations, then Citrix thin
client to access other hosts. (These other hosts also have ISAM
ESSO AccessAgent   installed)

Single Sign-On these other hosts with the thin client only works
some of the time. Getting it to work, or to fail, is not
predictable.

Successful outcome:  Open Citrix client and log in to host
through ESSO  GINA. User must enter password once.
Unsuccessful outcome: Open Citrix client and log in to host
through ESSO GINA. After this, with Windows GINA is shown. User
must enter password twice (as AA is not entering Windows
password)


Detailed test cases:
Case1,
-> Log in to cisco VPN on laptop
-> RDP to test workstation (x.x.24.251)
-> Log in as sitauser1 (through ESSO GINA)
-> Connect to the same workstation or another one, using Citrix
-> Go to Start > Lock
> Unlock
-> Enter ESSO password
-> MS GINA is displayed, password is NOT injected by AA
-> Have to enter password into MS GINA to log in

Case2,

1>     User1 logon to critix.
2>     Then close the connect to critix directly, not log off.
3>     Next time logon back, unlock will have issue.

Local fix

  • 



Problem summary


    

  • When logging on to AccessAgent from a Citrix thin client, the
Windows password is sometimes not injected.

    



Problem conclusion



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IV31462
    • 

  • Reported component name
    SSO ACCESS AGEN
    • 

  • Reported component ID
    5724V67AG
    • 

  • Reported release
    820
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2012-11-07
    • 

  • Closed date
    2012-11-23
    • 

  • Last modified date
    2012-11-23
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    SSO ACCESS AGEN
    • 

  • Fixed component ID
    5724V67AG
    • 



Applicable component levels


    

  • R820  PSY
       UP
    • 








      
              
                            

              

              [{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS9JLE","label":"IBM Security Access Manager for Enterprise Single Sign-On"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"820"}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            01 October 2021
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback