Trying to get an interactive session to validate through Citrix. It's for user desktop sessions but it seems Citrix doesn't use the standard Credential Provider interface. It's a Windows desktop but it looks to make direct API calls to auth.
In any case I'm writing an app to front-end the login process so I can use pGINA to auth a user in C# and make it all work.
Looked for docs to use the API but didn't see anything, hoping
The reason I ended up here is because Citrix needs a Windows account with group memberships etc. on the local machine and it's all maintained in an LDAP directory and the account list is fairly dynamic. I have pGINA authing from LDAP, creating the Windows account and applying group memberships and until I found that Citrix doesn't apparently use a Credential Provider for everything I thought it was good but it is an interactive login so it's frustrating.
Current approach is to force a pGINA auth to get all of its benefits and pass the credentials into Citrix on the fly and since the Windows account will exist it will succeed.
I wanted to stay away from writing my own code to create the Windows account, groups, etc. after a direct LDAP auth but if that makes more sense I may have to start marching down that path.
So, if I understand you correctly, you want to have another service (IIS) trigger the logon process through pGina. The pGina service communicates with the pGina Credential Provider via a named pipe. I suppose that it would be theoretically possible to "impersonate" the Credential Provider and communicate with the service via that same pipe. However, that's an option that is outside of the current pGina design. Perhaps for a future major release we could think about supporting communication with the pGina service from other apps/services, however it's currently not a common use case.
Are there any docs/references on the Named pipe API you can share?