Smart cards

You can use a smart card connected to the client device for authentication when logging on to a Linux virtual desktop session. This feature is implemented through smart card redirection over the ICA smart card virtual channel. You can also use the smart card within the session. Use cases include adding a digital signature to a document, encrypting or decrypting an email, and authenticating to a website.

The Linux VDA uses the same configuration as the Windows VDA for this feature. For more information, see the Configure the smart card environment section in this article.

Note:

Using a mapped smart card within a Linux VDA session to sign on to Citrix Gateway isn’t supported.

Prerequisites

The availability of smart card pass-through authentication is contingent on the following conditions:

• Your Linux VDA is installed on one of the following distributions:

  • RHEL 8
  • RHEL 7/CentOS 7
  • Ubuntu 20.04
  • Ubuntu 18.04
  • Debian 11.3
  • Debian 10.9

  After you complete installing the VDA, verify that your VDA can register with the Delivery Controller and you can open the published Linux desktop sessions using Windows credentials.

• Smart cards supported by OpenSC are used. For more information, see Ensure that OpenSC supports your smart card.

• Citrix Workspace app for Windows is used.

Ensure that OpenSC supports your smart card

OpenSC is a widely used smart card driver on RHEL 7.4+. As a fully compatible replacement of CoolKey, OpenSC supports many types of smart cards (see Smart Card Support in Red Hat Enterprise Linux).

In this article, the YubiKey 4 smart card is used as an example to illustrate the configuration. YubiKey 4 is an all-in-one USB CCID PIV device that can easily be purchased from Amazon or other retail vendors. The OpenSC driver supports YubiKey 4.

If your organization requires some other more advanced smart card, prepare a physical machine with a supported Linux distribution and the OpenSC package installed. For information about the OpenSC installation, see Install the smart card driver. Insert your smart card, and run the following command to verify that OpenSC supports your smart card:

pkcs11-tool --module opensc-pkcs11.so --list-slots
<!--NeedCopy-->