Smart card enrollment is not supported with fast smart card. Smart card enrollment might work when fast smart card is disabled, but depends on the type of smart card and middleware. Contact your smart card and middleware vendor for information on their integration with Citrix Virtual Apps and Desktops and support for smart card enrollment over virtual sessions.
Smart cards for enterprise use contain digital certificates. These smart cards support Windows Logon, and can also be used with applications for digital signing and encryption of documents and email. Citrix Virtual Apps and Desktops support these uses.
Smart cards for consumer use do not contain digital certificates; they contain a shared secret. These smart cards can support payments (such as a chip-and-signature or chip-and-PIN credit card). They do not support Windows Logon or typical Windows applications. Specialized Windows applications and a suitable software infrastructure (including, for example, a connection to a payment card network) are needed for use with these smart cards. Contact your Citrix representative for information on supporting these specialized applications on Citrix Virtual Apps or Citrix Virtual Desktops.
Citrix Virtual Apps and Desktops smart card support is based on the Microsoft Personal Computer/Smart Card (PC/SC) standard specifications. A minimum requirement is that smart cards and smart card devices must be supported by the underlying Windows operating system and must be approved by the Microsoft Windows Hardware Quality Labs (WHQL) to be used on computers running qualifying Windows operating systems. See the Microsoft documentation for additional information about hardware PC/SC compliance. Other types of user devices might comply with the PS/SC standard. For more information, refer to the Citrix Ready program.
The following smart card and middleware combinations for Windows systems have been tested by Citrix as representative examples of their type. However, other smart cards and middleware can also be used. For more information about Citrix-compatible smart cards and middleware, see
Fast smart card is an improvement over the existing HDX PC/SC-based smart card redirection. It improves performance when smart cards are used in high-latency WAN situations. When latency is high, the performance improvement can be significant (for example, 15 seconds for a Windows fast smart card logon versus more than 1 minute with the PC/SC-based smart card redirection).
Starting with VDA version 2203 and Citrix Workspace app version 2202 for Windows (or later) fast smart card is compatible with Cryptography Next Generation (CNG). In addition, Elliptic Curve Cryptography (ECC) smart cards are supported with the following curves: P-256, P-384, P-521 bits, for both ECDSA and ECDH.
A smart card reader might be built in to the user device, or be separately attached to the user device (usually via USB or Bluetooth). Contact card readers that comply with the USB Chip/Smart Card Interface Devices (CCID) specification are supported. They contain a slot or swipe into which the user inserts the smart card. The Deutsche Kreditwirtschaft (DK) standard defines four classes of contact card readers.
For information about supported smart card readers, see the documentation for the Citrix Workspace app you are using. In the Citrix Workspace app documentation, supported versions are listed in a smart card article or in the system requirements article.
Multiple smart cards and multiple readers can be used on the same user device, but if pass-through authentication is in use, only one smart card must be inserted when the user starts a virtual desktop or application. When a smart card is used within an application (for example, for digital signing or encryption functions), there might be other prompts to insert a smart card or enter a PIN. This can occur if more than one smart card has been inserted at the same time.
Step 5. Enable Citrix Gateway/Access Gateway for smart card use. For details, see Configuring Authentication and Authorization and Configuring Smart Card Access with the Web Interface in the NetScaler documentation.
Step 7. Enable user devices (including domain-joined or non-domain-joined machines) for smart card use. See Configure smart card authentication in the StoreFront documentation for details.
In this case, the Vendor ID is 05E3 and the Product ID is 0715.If there is more than one "USB Mass Storage Device" listed, unplug any USB device plugged into the system, or failing that, try a different computer. Some computers have built-in cardreaders attached to the USB bus, which can confuse the process. 2b1af7f3a8