I spent a lot of time trying to figure out how to get pass-through authentication on Citrix to work so that my users could just go to the web-interface, automatically login and see their applications and be able to run the apps without having a login appear at the server. I finally got it to work.
Seems like all over the web the posts and comments said that pass-through wouldn't work without the full program neighborhood client, but in my case it appears to be working with only the web client... and I've done this on more than one computer here. If you download the client install from citrix.com and install it, you are given the option to install the web client, program neighborhood and program neighborhood agent. I have only been installing the web client.
First of all, I set the authentication method on the web-interface to pass-through. This allowed people to go to the URL and auto-login to see their apps. This part was easy, but the problem was that even though this worked, users were still presented with a login box when they ran an app. The login came from the server with the application itself, which made sense. So this means that the ICA client needs to know to go ahead and pass credentials onward. There is a key file that has to be modified to do this.
Look for APPSRV.ini in this location:
C:\Documents and Settings\USERNAME\Application Data\ICAClient
Open that file and add the following lines under [WFClient]:
EnableSSOnThruICAFile=On
SSOnUserSetting=On
Now you should be able to go to your citrix web interface URL, be automatically logged in, see your apps, click an app and the ICA file is opened by the client and your credentials are passed onto the server. This works like a charm and is going to make our Citrix deployment much nicer.
In a little more than a week I will be off to Citrix Administrator training for a week!