Storebrowse
Note:
This article is applicable to on-premises deployments of Citrix Workspace only. For cloud deployements, see Storebrowse for Workspace documentation.
Storebrowse is a command-line utility that interacts between the client and the server. It’s used to authenticate all the operations within StoreFront and with Citrix Gateway.
Using the Storebrowse utility, administrators can automate the following operations:
- Add a store.
- List the published apps and desktops from a configured store.
- Generate an ICA file by selecting any published virtual apps and desktops manually.
- Generate an ICA file using the Storebrowse command line.
- Launch the published application.
The Storebrowse utility is a part of the Authmanager
component. When Citrix Workspace app installation is complete, the Storebrowse utility is in the AuthManager
installation folder.
To confirm that the Storebrowse utility is installed along with the Authmanager
component, check the following registry path:
When Citrix Workspace app is installed by administrators:
On a 32-bit machine | [HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\AuthManager\Install] |
On a 64-bit machine | [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Citrix\AuthManager\Install] |
When Citrix Workspace app is installed by users (non-administrators):
On a 32-bit machine | [HKEY_CURRENT_USER\SOFTWARE\Citrix\AuthManager\Install] |
On a 64-bit machine | [HKEY_CURRENT_USER\SOFTWARE\WOW6432Node\Citrix\AuthManager\Install] |
Requirements
- Citrix Workspace app Version 1808 for Windows or later.
- Minimum of 530 MB of free disk space.
- 2 GB RAM.
Compatibility Matrix
Storebrowse utility is compatible with the following Operating systems:
Operating system |
---|
Windows 10 32-bit and 64-bit editions |
Windows Server 2022 |
Windows Server 2016 |
Windows Server 2008 R2, 64-bit edition |
Windows Server 2008 R2, 64-bit edition |
Connections
Storebrowse utility supports the following types of connections:
- HTTP store
- HTTPS store
- Citrix Gateway 11.0 and later
Note:
On an HTTP store, the Storebrowse utility does not accept credentials using the command-line.
Authentication methods
StoreFront servers
StoreFront supports different authentication methods to access stores, however, not all are recommended. For security purposes, some of the authentication methods are disabled by default while creating a store.
- Username and Password: Enter the credentials to be authenticated to access stores. By default, Explicit authentication is enabled when you create your first store.
- Domain Pass-through: After authenticating to the domain-joined windows computers, you’re automatically logged on to stores. To use this option, enable pass-through authentication when installing the Citrix Workspace app. For more information on domain pass-through, see Configuring Pass-through authentication.
- HTTP Basic: This method is used by third-party client integrations and web portals, where an external user interface has been used to capture a domain-qualified user name and password. StoreFront uses the Basic Authentication feature in IIS to transport the credentials to the StoreFront server. StoreFront then uses either the Domain Services, or the Broker XML Service authentication to validate the credentials and to obtain the group information. For information on how to enable HTTP Basic authentication, see HTTP Basic in the Manage authentication methods documentation.
- Advanced NetScaler policies for Storebrowse: Citrix Workspace app for Windows supports advanced policies on NetScaler Gateway with Storebrowse. The supported authentication protocol is LDAP authentication.
Note:
The nFactor authentication protocol isn’t supported with Storebrowse on Windows.
Storebrowse utility supports authentication methods in any of the following methods:
- Using the
AuthManager
that is in-built along with the Storebrowse utility. Note: Enable the HTTP Basic authentication method on the StoreFront while working with the Storebrowse utility. This method applies when the user provides the credentials using the Storebrowse commands. - Use the
Authmanager
that is included with Citrix Workspace app for Windows. You can use this method, when you use domain pass-through authentication. For more information, see Domain pass-through authentication documentation.
Launch published desktop or application
You can now launch a resource directly from the store without having to use an ICA file.
Note:
You can’t open SaaS apps or published content using Storebrowse commands.
Command usage
The following section provides detailed information about the commands that you can use from the Storebrowse utility.
Add a store
-a
, --addstore
Description:
Adds new store. Returns the full URL of the store. If the return fails, an error is reported.
Note:
Multi-store configuration is supported on the Storebrowse utility.
Command example on StoreFront:
Command:
storebrowse.exe –U *username* -P *password* -D *domain* -a *URL of Storefront*
Example:
.\storebrowse.exe –U {Username} –P {Password} –D {Domain} –a [https://my.firstexamplestore.net](https://my.firstexamplestore.net)
Command example on Citrix Gateway:
Command:
storebrowse.exe –U *username* -P *password* -D *domain* -a *URL of CitrixGateway*
Example:
.\storebrowse.exe –U {Username} –P {Password} –D {Domain} –a <https://mysecondexample.com>
Help
/?
Description:
Provides details on Storebrowse utility usage.
List store
(-l)
, --liststore
Description:
Lists the stores that are added by the user.
Command Example on StoreFront:
.\storebrowse.exe –l
Command Example on Citrix Gateway:
.\storebrowse.exe –l
Enumerate
(-M 0x2000 -E)
Description:
Enumerates resources.
Command example on StoreFront:
.\storebrowse.exe –U {Username} –P {Password} –D {Domain} –M 0x2000 –E <https://my.firstexamplestore.net/Citrix/Store/discovery>
Command example on Citrix Gateway:
.\storebrowse.exe –U {Username} –P {Password} –D {Domain} –M 0x2000 –E <https://my.secondexample.net>
Quick launch
-q
, --quicklaunch
Description:
Generates the ICA file for published apps and desktops using the Storebrowse utility. The quicklaunch
option requires a launch URL as an input along with the Store URL. The launch URL which can either be the StoreFront server or the Citrix Gateway URL. The ICA file is generated in the %LocalAppData%\Citrix\Storebrowse\cache
directory.
You can get the launch URL for any published apps and desktops by running the following command:
.\storebrowse –M 0X2000 –E https://myfirstexamplestore.net/Citrix/Second/discovery
A typical launch URL is as follows:
'Controller.Calculator' 'Calculator' '\' '' http://abc-sf.xyz.com/Citrix/Stress/resources/v2/Q29udHJvbGxlci5DYWxjdWxhdG9y/launch/ica
Command example on StoreFront:
.\storebrowse.exe –U {Username} –P {Password}–D {Domain} –q {Launch_URL_of_published_ apps and desktops }<https://my.firstexamplestore.net/Citrix/Store/resources/v2/Q2hJkOlmNoPQrSTV9y/launch/ica> <https://my.firstexamplestore.net/Citrix/Store/discovery>
Command example on Citrix Gateway:
.\storebrowse.exe –U {Username} –P {Password} –D {Domain} –q {Launch_URL_of_published_ apps and desktops} <https://my.secondexmaplestore.com>
Launch
-L
, --launch
Description:
Generates the required ICA file for published apps and desktops using the Storebrowse utility. The launch option requires the name of the resource along with the Store URL. The name which can either be the StoreFront server or the Citrix Gateway URL. The ICA file is generated in the %LocalAppData%\Citrix\Storebrowse\cache
directory.
Run the following command to get the display name of the published apps and desktops:
.\storebrowse –M 0X2000 –E https://myfirstexamplestore.net/Citrix/Second/discovery
This command results in the following output:
'Controller.Calculator' 'Calculator' '\' '' http://abc-sf.xyz.com/Citrix/Stress/resources/v2/Q29udHJvbGxlci5DYWxjdWxhdG9y/launch/ica
Command example on StoreFront:
.\storebrowse.exe -U {Username} –P {Password} –D {Domain} –L “{Resource_Name} <https://my.firstexamplestore.net/Citrix/Store/discovery>
Command example on Citrix Gateway:
<.\storebrowse.exe –U {Username} –P {Password} –D {Domain} –L {Resource_Name} https://my.secondexamplestore.com>
Session launch
-S
, --sessionlaunch
Description:
With this command, you can add a store, verify, and launch the published resources. This option takes the following as parameters:
- User name
- Password
- Domain
- Name of the resource to be launched
- Store URL
However, if the user does not provide the credentials, the AuthManager
prompts to enter the credentials and then the resource is launched.
You can get the name of the resource of published apps and desktops by running the following command:
.\storebrowse –M 0X2000 –E https://myfirstexamplestore.net/Citrix/Second/discovery
This command results in the following output:
'Controller.Calculator' 'Calculator' '\' '' http://abc-sf.xyz.com/Citrix/Stress/resources/v2/Q29udHJvbGxlci5DYWxjdWxhdG9y/launch/ica
The name that is in bold in the previous output is used as the input parameter to the -S
option.
Command example on StoreFront:
.\storebrowse.exe -U {Username} –P {Password} –D {Domain} –S “{Friendly_Resource_Name} <https://my.firstexamplestore.net/Citrix/Store/discovery >
Command example on Citrix Gateway:
.\storebrowse.exe –U {Username} –P {Password} –D {Domain} –S {Friendly_Resource_Name} <https://my.secondexamplestore.com>
File folder
-f
, --filefolder
Description:
Generates the ICA file in the custom path for the published apps and desktops.
The launch option requires a folder name and the name of the resource as the input with the Store URL. The Store URL can either be the StoreFront server or the Citrix Gateway URL.
Command example on StoreFront:
.\storebrowse.exe –f “C:\Temp\Launch.ica” –L “Resource_Name” {Store}
Command example on the Citrix Gateway:
.\storebrowse.exe –f “C:\Temp\Launch.ica” –L “Resource_Name” {NSG_URL}
Trace authentication
-t
, --traceauthentication
Description:
Generates logs for the AuthManager
component. Logs are generated only if the Storebrowse utility is using an in-built AuthManager
. Logs are generated in the localappdata%\Citrix\Storebrowse\logs
directory.
Note:
This option must not be the last parameter listed in the user’s command line.
Command example on StoreFront:
.\storebrowse.exe –t –U {UserName} –P {Password} –D {Domain} –a {StoreURL}
Command example on Citrix Gateway:
.\storebrowse.exe –t –U {UserName} –P {Password} –D {Domain} –a {NSG_URL}
Delete a store
-d
, --deletestore
Description:
Deletes existing StoreFront or Citrix Gateway store.
Command example on StoreFront:
.\storebrowse.exe –d https://my.firstexamplestore.net/Citrix/Store/discovery
Command example on Citrix Gateway:
.\storebrowse.exe –d https://my.secondexmaplestore.com
Tracking Storebrowse command status
You can track the execution status of a Storebrowse command in a file. To track the success status, provide a unique file name with the -f launch
command. This command generates a file with the name that you have provided. The failure status is present in the ica.error
file, which is created automatically.
Note:
Ensure that you add an
.ica
extension to the file name with-f launch
command. Otherwise, the file isn’t generated.
The files to track both success and failure are present at %LOCALAPPDATA%\citrix\selfservice\cache
and you can monitor these files as needed.
This enhancement is enabled by default.
Following is an example to use the launch command with -f
option:
-launch -f <uniqueFileName.ica> "launchcommandline"
For example:
SelfService.exe storebrowse -launch -f uniqueFileName.ica -s store0-5c3ec017 -CitrixID store0-5c3ec017@@a9a8e3ac-099d-4577-b84e-e33d0695df39.Notepad -ica "https://cwawiniwstest.cloudburrito.com/Citrix/Store/resources/v2/YTlhOGUzYWMtMDk5ZC00NTc3LWI4NGUtZTMzZDA2OTVkZjM5Lk5vdGVwYWQ-/launch/ica" -cmdline
<!--NeedCopy-->
Single sign-on support with Citrix Gateway
Single sign-on lets you authenticate to a domain and use the Citrix Virtual Apps and Desktops and Citrix DaaS (formerly Citrix Virtual Apps and Desktops service)that the domain provides. You can sign in without having to reauthenticate to each app or desktop. When you add a store, your credentials pass through the Citrix Gateway server, along with the Citrix Virtual Apps and Desktops and Citrix DaaS, and Start menu settings.
This feature is supported on Citrix Gateway Version 11 and later.
Prerequisites:
For the prerequisites on how to configure Single Sign-On for the Citrix Gateway, see Configure domain pass-through authentication.
The single sign-on feature with Citrix Gateway can be enabled using the Group Policy Object (GPO) administrative template.
- Open the Citrix Workspace app GPO administrative template by running gpedit.msc
- Under the Computer Configuration node, go to Administrative Template > Citrix Component > Citrix Workspace > User Authentication > Single Sign-on for Citrix Gateway.
- Use the toggle options to Enable or Disable the Single Sign-On option.
- Click Apply and OK.
- Restart the Citrix Workspace app session for the changes to take effect.
Limitations:
- Enable the HTTP Basic Authentication method on the StoreFront server for credential injection operations with the Storebrowse utility.
- If you have an HTTP store and try to connect to the store using the utility to check or launch the published virtual apps and desktops, the credential injection using the command-line option is unsupported. As a workaround, use the external
AuthManager
module if you do not provide credential using the command line. - Storebrowse utility currently supports only single store configured the Citrix Gateway on the StoreFront server.
- Credential Injection in the Storebrowse utility works only if the Citrix Gateway is configured with Single-Factor Authentication.
- The command-line options
Username (-U)
,Password (-P
) andDomain (-D)
of the Storebrowse utility are case-sensitive and must be in upper case only.
To enable SSON for third-party applications that uses ICOSDK, create the following registry:
- Registry Key:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Citrix\ICA Client\NonIEAppsWithSson
- Registry Value: full path of the third-party applications
- Registry Type: reg_multi_sz
Example:
- Registry Key:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Citrix\ICA Client\NonIEAppsWithSson
- Registry Value: C:\temp1\abc.exe;C:\temp2\xyz.exe
- Registry Type: reg_multi_sz
Note:
- You can provide multiple third-party applications separated by semicolon.
- This feature is supported on Version 2107 onwards.