I have an ASA with WebVPN and am trying to fend of a CAG install. I have SSO for the Citrix WebInterface partially working. The fields setup in the bookmark POST are:
Now this works, believe it or not, but you have to click the bookmark (and see the Citrix Login page), click back to portal, then bookmark again. Then I can see the Citrix web interface apps with no problem, and the ASA logged me in.
At that point the Smart tunnel works great for icaweb32.exe and everything is kosher.
But you have to click twice. Why the ASA doesn't actually behave like a browser, I don't know, but something is wrong with the auth or cookie exchange or something.