Storebrowse

Note:

This article is applicable to on-premises deployments of Citrix Workspace only. For cloud deployements, see Storebrowse for Workspace documentation.

Storebrowse is a command-line utility that interacts between the client and the server. It’s used to authenticate all the operations within StoreFront and with Citrix Gateway.

Using the Storebrowse utility, administrators can automate the following operations:

  • Add a store.
  • List the published apps and desktops from a configured store.
  • Generate an ICA file by selecting any published virtual apps and desktops manually.
  • Generate an ICA file using the Storebrowse command line.
  • Launch the published application.

The Storebrowse utility is a part of the Authmanager component. When Citrix Workspace app installation is complete, the Storebrowse utility is in the AuthManager installation folder.

To confirm that the Storebrowse utility is installed along with the Authmanager component, check the following registry path:

When Citrix Workspace app is installed by administrators:

   
On a 32-bit machine [HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\AuthManager\Install]
On a 64-bit machine [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Citrix\AuthManager\Install]

When Citrix Workspace app is installed by users (non-administrators):

   
On a 32-bit machine [HKEY_CURRENT_USER\SOFTWARE\Citrix\AuthManager\Install]
On a 64-bit machine [HKEY_CURRENT_USER\SOFTWARE\WOW6432Node\Citrix\AuthManager\Install]

Requirements

  • Citrix Workspace app Version 1808 for Windows or later.
  • Minimum of 530 MB of free disk space.
  • 2 GB RAM.

Compatibility Matrix

Storebrowse utility is compatible with the following Operating systems:

Operating system
Windows 10 32-bit and 64-bit editions
Windows Server 2022
Windows Server 2016
Windows Server 2008 R2, 64-bit edition
Windows Server 2008 R2, 64-bit edition

Connections

Storebrowse utility supports the following types of connections:

  • HTTP store
  • HTTPS store
  • Citrix Gateway 11.0 and later

Note:

On an HTTP store, the Storebrowse utility does not accept credentials using the command-line.

Authentication methods

StoreFront servers

StoreFront supports different authentication methods to access stores, however, not all are recommended. For security purposes, some of the authentication methods are disabled by default while creating a store.

  • Username and Password: Enter the credentials to be authenticated to access stores. By default, Explicit authentication is enabled when you create your first store.
  • Domain Pass-through: After authenticating to the domain-joined windows computers, you’re automatically logged on to stores. To use this option, enable pass-through authentication when installing the Citrix Workspace app. For more information on domain pass-through, see Configuring Pass-through authentication.
  • HTTP Basic: This method is used by third-party client integrations and web portals, where an external user interface has been used to capture a domain-qualified user name and password. StoreFront uses the Basic Authentication feature in IIS to transport the credentials to the StoreFront server. StoreFront then uses either the Domain Services, or the Broker XML Service authentication to validate the credentials and to obtain the group information. For information on how to enable HTTP Basic authentication, see HTTP Basic in the Manage authentication methods documentation.
  • Advanced NetScaler policies for Storebrowse: Citrix Workspace app for Windows supports advanced policies on NetScaler Gateway with Storebrowse. The supported authentication protocol is LDAP authentication.

Note:

The nFactor authentication protocol isn’t supported with Storebrowse on Windows.

Storebrowse utility supports authentication methods in any of the following methods:

  • Using the AuthManager that is in-built along with the Storebrowse utility. Note: Enable the HTTP Basic authentication method on the StoreFront while working with the Storebrowse utility. This method applies when the user provides the credentials using the Storebrowse commands.
  • Use the Authmanager that is included with Citrix Workspace app for Windows. You can use this method, when you use domain pass-through authentication. For more information, see Domain pass-through authentication documentation.

Launch published desktop or application

You can now launch a resource directly from the store without having to use an ICA file.

Note:

You can’t open SaaS apps or published content using Storebrowse commands.

Command usage

The following section provides detailed information about the commands that you can use from the Storebrowse utility.

Add a store

-a, --addstore

Description:

Adds new store. Returns the full URL of the store. If the return fails, an error is reported.

Note:

Multi-store configuration is supported on the Storebrowse utility.

Command example on StoreFront:

Command:

storebrowse.exe –U *username* -P *password* -D *domain* -a *URL of Storefront*

Example:

.\storebrowse.exe –U {Username} –P {Password} –D {Domain} –a [https://my.firstexamplestore.net](https://my.firstexamplestore.net)

Command example on Citrix Gateway:

Command:

storebrowse.exe –U *username* -P *password* -D *domain* -a *URL of CitrixGateway*

Example:

.\storebrowse.exe –U {Username} –P {Password} –D {Domain} –a <https://mysecondexample.com>

Help

/?

Description:

Provides details on Storebrowse utility usage.

List store

(-l), --liststore

Description:

Lists the stores that are added by the user.

Command Example on StoreFront:

.\storebrowse.exe –l

Command Example on Citrix Gateway:

.\storebrowse.exe –l

Enumerate

(-M 0x2000 -E)

Description:

Enumerates resources.

Command example on StoreFront:

.\storebrowse.exe –U {Username} –P {Password} –D {Domain} –M 0x2000 –E <https://my.firstexamplestore.net/Citrix/Store/discovery>

Command example on Citrix Gateway:

.\storebrowse.exe –U {Username} –P {Password} –D {Domain} –M 0x2000 –E <https://my.secondexample.net>

Quick launch

-q, --quicklaunch

Description:

Generates the ICA file for published apps and desktops using the Storebrowse utility. The quicklaunch option requires a launch URL as an input along with the Store URL. The launch URL which can either be the StoreFront server or the Citrix Gateway URL. The ICA file is generated in the %LocalAppData%\Citrix\Storebrowse\cache directory.

You can get the launch URL for any published apps and desktops by running the following command:

.\storebrowse –M 0X2000 –E https://myfirstexamplestore.net/Citrix/Second/discovery

A typical launch URL is as follows:

'Controller.Calculator' 'Calculator' '\' '' http://abc-sf.xyz.com/Citrix/Stress/resources/v2/Q29udHJvbGxlci5DYWxjdWxhdG9y/launch/ica

Command example on StoreFront:

.\storebrowse.exe –U {Username} –P {Password}–D {Domain} –q {Launch_URL_of_published_ apps and desktops }<https://my.firstexamplestore.net/Citrix/Store/resources/v2/Q2hJkOlmNoPQrSTV9y/launch/ica> <https://my.firstexamplestore.net/Citrix/Store/discovery>

Command example on Citrix Gateway:

.\storebrowse.exe –U {Username} –P {Password} –D {Domain} –q {Launch_URL_of_published_ apps and desktops} <https://my.secondexmaplestore.com>

Launch

-L, --launch

Description:

Generates the required ICA file for published apps and desktops using the Storebrowse utility. The launch option requires the name of the resource along with the Store URL. The name which can either be the StoreFront server or the Citrix Gateway URL. The ICA file is generated in the %LocalAppData%\Citrix\Storebrowse\cache directory.

Run the following command to get the display name of the published apps and desktops:

.\storebrowse –M 0X2000 –E https://myfirstexamplestore.net/Citrix/Second/discovery

This command results in the following output:

'Controller.Calculator' 'Calculator' '\' '' http://abc-sf.xyz.com/Citrix/Stress/resources/v2/Q29udHJvbGxlci5DYWxjdWxhdG9y/launch/ica

Command example on StoreFront:

.\storebrowse.exe -U {Username} –P {Password} –D {Domain} –L “{Resource_Name} <https://my.firstexamplestore.net/Citrix/Store/discovery>

Command example on Citrix Gateway:

<.\storebrowse.exe –U {Username} –P {Password} –D {Domain} –L {Resource_Name} https://my.secondexamplestore.com>

Session launch

-S, --sessionlaunch

Description:

With this command, you can add a store, verify, and launch the published resources. This option takes the following as parameters:

  • User name
  • Password
  • Domain
  • Name of the resource to be launched
  • Store URL

However, if the user does not provide the credentials, the AuthManager prompts to enter the credentials and then the resource is launched.

You can get the name of the resource of published apps and desktops by running the following command:

.\storebrowse –M 0X2000 –E https://myfirstexamplestore.net/Citrix/Second/discovery

This command results in the following output:

'Controller.Calculator' 'Calculator' '\' '' http://abc-sf.xyz.com/Citrix/Stress/resources/v2/Q29udHJvbGxlci5DYWxjdWxhdG9y/launch/ica

The name that is in bold in the previous output is used as the input parameter to the -S option.

Command example on StoreFront:

.\storebrowse.exe -U {Username} –P {Password} –D {Domain} –S “{Friendly_Resource_Name} <https://my.firstexamplestore.net/Citrix/Store/discovery >

Command example on Citrix Gateway:

.\storebrowse.exe –U {Username} –P {Password} –D {Domain} –S {Friendly_Resource_Name} <https://my.secondexamplestore.com>

File folder

-f, --filefolder

Description:

Generates the ICA file in the custom path for the published apps and desktops.

The launch option requires a folder name and the name of the resource as the input with the Store URL. The Store URL can either be the StoreFront server or the Citrix Gateway URL.

Command example on StoreFront:

.\storebrowse.exe –f “C:\Temp\Launch.ica” –L “Resource_Name” {Store}

Command example on the Citrix Gateway:

.\storebrowse.exe –f “C:\Temp\Launch.ica” –L “Resource_Name” {NSG_URL}

Trace authentication

-t, --traceauthentication

Description:

Generates logs for the AuthManager component. Logs are generated only if the Storebrowse utility is using an in-built AuthManager. Logs are generated in the localappdata%\Citrix\Storebrowse\logs directory.

Note:

This option must not be the last parameter listed in the user’s command line.

Command example on StoreFront:

.\storebrowse.exe –t –U {UserName} –P {Password} –D {Domain} –a {StoreURL}

Command example on Citrix Gateway:

.\storebrowse.exe –t –U {UserName} –P {Password} –D {Domain} –a {NSG_URL}

Delete a store

-d, --deletestore

Description:

Deletes existing StoreFront or Citrix Gateway store.

Command example on StoreFront:

.\storebrowse.exe –d https://my.firstexamplestore.net/Citrix/Store/discovery

Command example on Citrix Gateway:

.\storebrowse.exe –d https://my.secondexmaplestore.com

Tracking Storebrowse command status

You can track the execution status of a Storebrowse command in a file. To track the success status, provide a unique file name with the -f launch command. This command generates a file with the name that you have provided. The failure status is present in the ica.error file, which is created automatically.

Note:

Ensure that you add an .ica extension to the file name with -f launch command. Otherwise, the file isn’t generated.

The files to track both success and failure are present at %LOCALAPPDATA%\citrix\selfservice\cache and you can monitor these files as needed.

This enhancement is enabled by default.

Following is an example to use the launch command with -f option:


-launch -f <uniqueFileName.ica> "launchcommandline"
For example:
SelfService.exe storebrowse -launch -f uniqueFileName.ica -s store0-5c3ec017 -CitrixID store0-5c3ec017@@a9a8e3ac-099d-4577-b84e-e33d0695df39.Notepad -ica "https://cwawiniwstest.cloudburrito.com/Citrix/Store/resources/v2/YTlhOGUzYWMtMDk5ZC00NTc3LWI4NGUtZTMzZDA2OTVkZjM5Lk5vdGVwYWQ-/launch/ica" -cmdline

<!--NeedCopy-->

Single sign-on support with Citrix Gateway

Single sign-on lets you authenticate to a domain and use the Citrix Virtual Apps and Desktops and Citrix DaaS (formerly Citrix Virtual Apps and Desktops service)that the domain provides. You can sign in without having to reauthenticate to each app or desktop. When you add a store, your credentials pass through the Citrix Gateway server, along with the Citrix Virtual Apps and Desktops and Citrix DaaS, and Start menu settings.

This feature is supported on Citrix Gateway Version 11 and later.

Prerequisites:

For the prerequisites on how to configure Single Sign-On for the Citrix Gateway, see Configure domain pass-through authentication.

The single sign-on feature with Citrix Gateway can be enabled using the Group Policy Object (GPO) administrative template.

  1. Open the Citrix Workspace app GPO administrative template by running gpedit.msc
  2. Under the Computer Configuration node, go to Administrative Template > Citrix Component > Citrix Workspace > User Authentication > Single Sign-on for Citrix Gateway.
  3. Use the toggle options to Enable or Disable the Single Sign-On option.
  4. Click Apply and OK.
  5. Restart the Citrix Workspace app session for the changes to take effect.

Limitations:

  • Enable the HTTP Basic Authentication method on the StoreFront server for credential injection operations with the Storebrowse utility.
  • If you have an HTTP store and try to connect to the store using the utility to check or launch the published virtual apps and desktops, the credential injection using the command-line option is unsupported. As a workaround, use the external AuthManager module if you do not provide credential using the command line.
  • Storebrowse utility currently supports only single store configured the Citrix Gateway on the StoreFront server.
  • Credential Injection in the Storebrowse utility works only if the Citrix Gateway is configured with Single-Factor Authentication.
  • The command-line options Username (-U), Password (-P) and Domain (-D) of the Storebrowse utility are case-sensitive and must be in upper case only.

To enable SSON for third-party applications that uses ICOSDK, create the following registry:

  • Registry Key: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Citrix\ICA Client\NonIEAppsWithSson
  • Registry Value: full path of the third-party applications
  • Registry Type: reg_multi_sz

Example:

  • Registry Key: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Citrix\ICA Client\NonIEAppsWithSson
  • Registry Value: C:\temp1\abc.exe;C:\temp2\xyz.exe
  • Registry Type: reg_multi_sz

Note:

  • You can provide multiple third-party applications separated by semicolon.
  • This feature is supported on Version 2107 onwards.
Storebrowse