CitrixIGELOSSecurity

Logoff from Storefront at specified time.

logon

When the user is logged in trough Active Directory in Citrix Storefront, you have several option in Igel to log off from that session.

You can make a policy to log off everytime user closes Xendesktop session , but sometimes you just want the user logs off because he has a problem with his desktop and you want he logs on again.

Then, this is very annoying for the user who needs to log on twice.

What can we do?

We can use this script provided by Jake Snyder at Igel Community.

#!/bin/bash
#
# Daemon script to monitor and logoff Citrix StoreFront when there 
# is no active Citrix session running. The script is designed for 
# use with the native Citrix Receiver on IGEL Linux. The logic tests 
# for the first returned application/desktop returned from StoreFront 
# or Program Neighborhood (pnapp0_0) and if there is no active ICA 
# session, call pnlogoff. 
#
# If the IGEL is configured to authenticate against AD/LDAP, then 
# the script will also logoff the domain.  In such cases, it is 
# recommended that the Citrix StoreFront/XenApp Logoff be removed 
# from the IGEL desktop because Domain Logoff will accomplish the task.
# 
# The timeout and the frequency for which the StoreFront connection is 
# maintained can be passed to the command. These parameters are set in 
# seconds. If not added to the command line, an inactive the StoreFront 
# will timeout in 60 seconds.
#
# To implement the StoreFront connection monitor, copy this script to 
# /wfs/bin/ directory.  Add a Custom Application, and set the Application 
# to Autostart; no other start methods are recommended. Use setsid to 
# launch the script. As an example, the following will logoff StoreFront 
# after 120 seconds of inactivity:
#
#     setsid /wfs/bin/pnmonitor 120 2
#

TIMEOUT=$1 ; [[ ! $TIMEOUT =~ ^[0-9]+$ ]] || [[ $TIMEOUT -eq 0 ]] && TIMEOUT=60
INCREMENT=$2 ; [[ ! $INCREMENT =~ ^[0-9]+$ ]] || [[ $INCREMENT -eq 0 ]] && INCREMENT=2

echo "Connection timeout set to $TIMEOUT seconds."
echo "Timer increment set to $INCREMENT seconds."

while : ; do
[ ! $ACTIVE_SESSION ] && echo "Not logged into Citrix StoreFront..."
if [ -f /config/sessions/pnapp0_0 ] ; then
   TIMER=0
   ACTIVE_SESSION=`ps ax | grep wfica_orig | grep -v grep | head -n 1 | awk '{print $1}'`
   echo "Logged into Citrix StoreFront..."
   while [ -z "$ACTIVE_SESSION" ] ; do
      if [ "$TIMER" -ge "$TIMEOUT" ] ; then
         echo "Inactive Citrix logging off..."
         [ -f /config/sessions/pnapp0_0 ] && . /config/sessions/pnlogoff0
         [ "`get auth.login.krb5`" == "true" ] && /config/bin/setup_cmd /usr/bin/logoff
         sleep 2
         echo "Inactive Citrix logged off."
         break
      else
         ACTIVE_SESSION=`ps ax | grep wfica_orig | grep -v grep | head -n 1 | awk '{print $1}'`
         sleep "$INCREMENT" ; TIMER=$((TIMER+$INCREMENT))
         echo "Inactive Citrix timer running...$TIMER"
         [ ! -f /config/sessions/pnapp0_0 ] && break
      fi
   done
fi
sleep "$INCREMENT"
done

With this script you can specify how much time you allow to the user be logged in the Storefront before it logs off.

The counter is started after you have not activity in the Igel device.

To make this possible I have to create a new file:

Next, we have to create a New Profile

We are running the command after the Citrix XenDesktop session is closed, in Final Desktop Command.

setsid /wfs/bin/pnmonitor 300 2

We are allowing 300 seconds of inactivity after the user is logged off automatically. As you know , you can change this time as you want.

Now, just apply the File and the New Profile created to the device you want .

Comments (2)

  1. Hi Daniel,

    Thanks for your informative article!
    Do you think it’s possible to create a inactivity timer when using appliance mode in igel OS 11 with Citrix Selfservice ?
    I have found out that if you authenticate and do not start any desktop/app you will stay logged on.
    Session timout from storefront is not obeyed.

    Thanks,

    Edwin

  2. Hi Daniel,
    When using appliance mode with ctx selfservice a user stay authenticated ‘forever’ if he/she logs on but does not start any desktop or app. Is it possible to change your script and let it run after authentication to storefront ?
    It’s strange because ther is a session timeout on the storefront store on the serverside but this does not work.

    Thanks,

    Edwin

Comment here