Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Adaptive Security Appliance (ASA) with single sign-on (SSO) does not work for Citrix published applications

Core issue

Once a user logs into Citrix, they should not be prompted for another login for any published application. However, if the administartor disables auto-signon on the ASA with Citrix pass-through, then the user has to login three times:

  • ASA
  • Citrix web interface
  • Published application

If the administartor disables auto-signon on the ASA with Citrix Explicit Login mode, then the customer must login twice:
  • ASA
  • Citrix web interface


At this time, this feature is not supported on the ASA.

Citrix pass-through authentication requires a domain field when the published application is launched. The SSO only passes the Citrix web interface login. But when the published application sends a auth challenge with the domain, there is no domain support with SSO.

For additional help on SSO, refer to Using Single Sign-on with WebVPN.

For a configuration example, refer to ASA with WebVPN and Single Sign-on using ASDM and NTLMv1.