Citrix Plug In Chrome

by



Citrix Browser Content Redirection – Part 2

In Part 2 (Part 1 can be found here) of this series, we will dig deeper into BCR and take a look at how to configure it for more complex scenarios like Microsoft Teams or Stream.

The Citrix Receiver Tech Preview for Chrome OS, available on the Chrome Web Store, is a free client app for businesses that use Citrix virtualization to host desktops and applications in the data. Versioni del Citrix Online plug-in subito dopo versione 11, tra cui Citrix Online plug-in versione 12 e 12.1, non funzionano con Google Chrome. Nelle varie versioni del software Citrix, potete trovare Google Chrome non risponde, come indicato dal display del caratteristico 'Aw, Snap!' Chrome Citrix Plugin Software TreeClicks v.1.3 TreeClicks is a browser extension that plants free trees while shopping online at your favorite shop. 50k+ connected shops. Shopping prices remain the same. Problem installing the Citrix Online Plug-in on Windows 10 (Citrix Receiver on Windows) The last days I had some troubles with my own Windows 10 Enterprise when I wanted to start a Citrix Desktop in Internet Explorer (also in Google Chrome and Mozilla Firefox).

Citrix Plug In Chrome Extensions

  • Basic knowledge of how to use the Developer Tools in your browser
  • Set your Developer Tools to preserve data on redirect
  • (Optional) Install Fiddler, this can be used to debug BCR

To understand how to configure BCR later on we must first understand how the authentication is working on the website you want to redirect. This can simply be done with the Developer Tools of the most common browsers like Chrome or Firefox.

Citrix Plug In Edge

Let’s first take a look at Microsoft Teams. Activate your Developer Tools by pressing F12 and browse to https://teams.microsoft.com/

You can see that you will first hit the Teams website but then you are immediately redirected to the Microsoft Login page. If you look closer at the login URL you will notice it will also have the URL we were redirected from in it. This is essential information we will use later on.

After you fill in your e-mail address 2 things can happen:

  • You will be authenticated by Microsoft
  • You will be redirected to your ADFS server (like https://adfs.company.com)

After successful authentication, you will be redirected back to the Teams website.

Citrix plug in chromebook

Citrix Plug In Chrome Download

Citrix Plug In Chrome

Now it’s all about the policies

To get Microsoft Teams working correctly we must set some BCR policies to tell BCR which website to redirect. For Microsoft Teams this is a bit different than other websites as Microsoft Teams directly redirects us to the Microsoft Login page. This redirect is happening so fast (within milliseconds) that the BCR extension can’t inject the HdxVideo.js in time. Due to this fact it is best to start BCR on the login page, this can be done by adding the following website to the BCR Whitelist:

But the issue with adding this website to the BCR whitelist is that ALL Microsoft login pages will be redirected with BCR. So it is better to just redirect it for Teams, which will bring us back to the original login URL which had the redirect_uri=https%3A%2F%2Fteams.microsoft.com part in it. To match BCR only to the Teams login page we simply change the BCR Whitelist URL to:

The next step is to add your ADFS server to the policies as a Authentication Site. With this policy you tell BCR to remain active (redirected to the Client) for the redirect to your ADFS. So, in general, a Authentication Site must always be a Child site (redirect) of a Whitelisted URL.

The last part of our flow is the redirect back to https://teams.microsoft.com/. Due to the fact that this is also a website, we also must add this website to our Authentication Site policy.

Plug

As I mentioned in Part 1 of this series I recently had a customer which used a lot of local media. Due to the lack of GPU power the playback experience was terrible. As this customer had an Office 365 subscription, an alternative for them was to switch to Microsoft Stream which is included in most O365 subscriptions (source). Microsoft Stream gave the customer 500 GB of storage + 0.5 GB per user. So with 500 users they could store 750 GB of video content, which was more than sufficient. The only trick which had to be done is configure BCR to redirect Stream to the local endpoint.

Citrix Plug In Chrome Free

So by following the same steps as Teams we can see the following flow:

Enable citrix plugin in chrome
  1. User browses to: https://stream.microsoft.com
  2. User clicks login
  3. Redirected to: https://login.microsoftonline.com/common/oauth2/authorize?response_type=id_token&client_id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&redirect_uri=https%3A%2F%2Fstream.microsoft.com%2Fgo&state=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&&client-request-id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&x-client-SKU=Js&x-client-Ver=1.0.9&nonce=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&domain_hint=
  4. Redirected to: https://adfs.company.com
  5. After Authentication redirected to: https://web.microsoftstream.com/

With BCR you can almost redirect any website you can think of to the local endpoint. The only trick is finding the correct flow, especially the Authentication and Redirects, and setting the correct BCR policies.
Sometimes the built-in developer tools of your browser are just not enough to find the correct flow, in those cases just use a tool like Fiddler to capture all the web traffic (and even look into https streams).

Currently, with Citrix Virtual Apps and Desktops 1811 there are a few limitations with BCR:

  • No support (yet?) for Firefox or Microsoft Edge.
  • Different DPI scaling on Endpoint / VDA can lead to bad scaling of BCR. So for example Endpoint 100% VDA on 200%. To fix this you must set the following registry key on the Endpoint:
  • 401-Authentication is not supported / working. This results in a completely white page as BCR is unable to capture the Authentication popup. ( I have lost quite some time with this issue as I had trouble finding out why I got a “blank” page).
  • Copying & Pasting text on redirected pages is only supported on Chrome and can only be done with CTRL+C / CTRL+V.
  • Printing on redirected pages is not possible.
  • Downloads are disabled on redirected pages.
  • Complete full-screen is not easily achieved, this requires pressing F11 in Chrome.
  • In IE11 while redirection YouTube full-screen might not work. Use the Theater mode instead ( or use Chrome).
  • For media content only the following containers and codecs are supported:

Conclusion

Browser Content Redirection is not a very complex product but it requires some basic knowledge to determine which policies must be set. But after having done a few websites you will learn the trick.

Citrix does a good job by keeping a support article up-to-date with the most commonly redirected websites, so if you want to start with BCR it is a smart starting point. The article can be found here.

I want to thank Fernando Klurfan (Product Manager @ Citrix ) for reaching out to me (through a support case) and helping with my BCR journey (like Microsoft Stream). I hope Citrix will make BCR even a greater tool in the (near) feature by resolving some of the known limitations and adding support for all the 4 major browsers (Chrome / Firefox / IE11 / Edge).

  1. Does this definitely work on 7.15 LTSR CU3? I can’t get this to work at all. Here’s what I know:

    – Citrix HDX Browser Redirection Service running
    – Citrix HDX HTML5 Video Redirection Service running
    – VDA was on 7.15 LTSR CU1. Upgraded to CU3 via the command prompt parameters.
    – Citrix Browser Content Redirection addon installed on the VDA.
    – Endpoint device running the latest Citrix Workspace.
    – ADMX loaded into Central Store, GPO created:
    a) Browser Content Redirection = enabled
    b) Browser Content Redirection ACL Configuration enabled and set to * (also tried setting to https://youtube.com/*)

    – Also tried adding the following reg keys:
    a) (REG_DWORD) – WebBrowserRedirection = 1
    b) (REG_MULTI_SZ) – WebBrowserRedirectionACL = *

    Restarted VDA and still can’t get the redirection to work. What am I missing?

    • Forgot to mention, but I have already installed the Chrome BCR extension.

      I’ve also tested this in IE and it’s not working for me.

      “Enable Enhanced Protected Mode” is unticked
      “Enable third-party browser extensions” is ticked
      “Citrix HDXJsInjector” addon is enabled in Internet Explorer – confirmed this on both the VDA and also in the Citrix session itself.

      Client device has direct internet access. Can definitely load the same Youtube video.

  2. @Ricky

    run into the same Issue with 7.15 CU3 and IE 11. Ive also had enabled all requiered settings / policies but it want not work.

    But using wildcard is not allowed = -> WebBrowserRedirectionACL = * https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/policies/reference/ica-policy-settings/browser-content-redirection-policy-settings.html

  3. Can you post update for Teams with Chrome? Above does not work.

    Also, show Office 365 Sharepoint example too, we cannot get that to work with BCR at all.

  4. I also got it to work but only for Chrome. So youtube works great when using Chrome with the required plugin. Internet Explorer 11 does not. HDXBroserCef.exe apears on the client but nothing happens when using IE 11. CitrixHDXJsInjector is enabled on IE11.

    • IE 11 is working also with the help of Carl redirecting me to the Citrix how to troubleshoot site: https://support.citrix.com/article/CTX230052
      Next to support on other browsers I would like to see BCR working on a Chromebook or Mac OS.

    • For me it was the part about changing intranet setting in IE:

      “So, “Include all sites that bypass the proxy server” should be unchecked.
      Internet Properties –> Security –> Local Intranet –> Sites, and uncheck “Include all sites that bypass the proxy server”

      as stated in the following article:
      https://support.citrix.com/article/CTX230052

  5. Hello Rody,

    Thanks for the detail info.

    We have the same blank website issue as you stated under Current limitations. Did you find out what was the root cause of issue?

This site uses Akismet to reduce spam. Learn how your comment data is processed.

A recent issue was brought to our attention by a client when a message appeared in the Chrome browser, stating that the Citrix Receiver plugin was not supported. I will walk you through the solution in this week’s post.

While accessing a Citrix StoreFront or Web Interface site in Google Chrome, you may see something like this:


This does not mean that Citrix will no longer support the Receiver. This is actually an issue with the Chrome browser. In order to improve security, Google has decided to disable NPAPI plugin support in the Chrome browser. This affects both Windows and Mac installations. This means that those Chrome plugins we have grown to love and count on will no longer work by default. “By default” is the operative statement here and I will get back to that.
Updates of Chrome as of April 2015 remove NPAPI support. This results of this change have already appeared for the Citrix Receiver. The Receiver Plugin is what checks to see if we already have a client installed and whether it is up to date. It is then responsible for launching applications/desktops when we click on the icon. The plugin is no longer running, so StoreFront will always ask you to install the receiver because it cannot tell if you have it:

Citrix Plug In Download

Citrix


This will also affect NetScaler implementations:
The next thing that will happen is you will not be able to launch an application by just clicking a presented icon. Instead, it will ask to be saved:
And you will have to click on the saved .ICA file to launch the application:
Annoying, isn’t it. So, how do we get around this?

  1. Upgrade to the latest and greatest. Unfortunately, the upgrade is not only on the client side. Citrix has just released updated versions of the Receiver (Windows Receiver ver. 4.3 and Mac Receiver ver. 12.0) and for StoreFront (ver. 3.0). The combination of the latest StoreFront and Receiver will work around this issue with Google Chrome and a similar issue with Microsoft Edge. I believe HTML 5 is used instead of a plugin, but I need to confirm that.
  2. Re-enable NPAPI support. (Note: This is opening up the security holes Google is trying to close. Do this at your own risk.) NPAPI support is disabled by default. We can change the default. Here is how:
    • In Chrome’s address bar, type “chrome://flags/#enable-npapi”:
    • In the list that appears, find “Enable NPAPI Mac, Windows” and click Enable:
    • Click the “Relaunch Now” button on the bottom of the screen. It appears after you make your changes:
    • After relaunch, you will probably still see the warning about the plugin being unsupported because that is part of Chrome. There is probably some way to get rid of it by modifying Chrome, but I am not getting into that here.

There you have it. I hope this helps. If you have any questions or comments, please feel free to leave them in the space below.You can also reach me directly by email.

Craig R. Kalty (CCIA, CCEE, CCA, MCITP:EA, MCITP:SA, VCP)| Sr. Network Consultant craig.kalty@customsystems.com

©2015 Custom Systems Corporation