While the main new features of StoreFront 2.5 have been extensively covered (Citrix blog post here), I found a new addition has been quietly slipped in and because at the time of writing the Citrix eDocs site has not been updated for StoreFront 2.5, it caught me out.
If you have setup StoreFront and NetScaler Gateway before you will be familiar with the process of adding the NetScaler Gateway settings, which also adds the corresponding Authentication Method “Pass-though from NetScaler Gateway” under the Authentication pane. Here’s the new bit though – in the Receiver for Web pane, there is now a separate Authentication Methods option just for Receiver for Web. And when you add a NetScaler Gateway to your deployment and check the “Pass-though from NetScaler Gateway” authentication option under the Authentication pane, it doesn’t automatically enable the same option in the Receiver for Web pane.
For reference, the symptoms of not having this configured correctly are logging on to the NetScaler, then being prompted again for credentials by StoreFront. However StoreFront still will not log you in, and you get a message in the event log of your StoreFront server similar to:
"Gateway data from the request and the authentication token are not matching. Request was made to store XYZ Apps."
So there you have it – make sure you check this option under both the Authentication and Receiver for Web panes, I hope the time I burned figuring this out will save someone else wasting their time!