The latest release of the Remote PowerShell SDK simplifies authentication with Citrix Cloud. Now, it’s easier to create fully automated scripts, like scheduled tasks, and more convenient to authenticate.
Introducing credential profiles
The Remote PowerShell SDK now allows administrators to create and manage a set of securely stored credential profiles.
There are four credential profile types: one for on-premises and three for the cloud. Each type supports an authentication method.
- OnPrem: Kerberos authentication, for communicating with on-premises Delivery Controllers.
- CloudCas: Prompt for username/password for each PowerShell session.
- CloudAPI: Customer ID and API key / secret stored in the user’s Windows profile.
- CloudToken: Customer ID and current bearer token, not persisted across PowerShell sessions.
To create a CloudAPI profile that bypasses the manual Citrix Cloud authentication dialog, you must first create a Citrix Cloud API Access Secure Client. This operation can be found in the Citrix Cloud console, under “Identity and Access Management.” Downloading your Secure Client saves a file named secureclient.csv, which should be kept in a safe location.
Note: With the OnPrem authentication method, the target server specified in any SDK -AdminAddress parameter is honored. With any of the cloud methods, it is ignored.
Manage credential profiles
Three new cmdlets are available to create and maintain credential profiles:
- Set-XDCredentials: Creates a new XDCredentials object from a (downloaded) Secure Client file or specified APIKey and SecretKey pair, and saves it to a persistent credentials store (-StoreAs), or temporarily in the current shell using the variable $XDStoredCredentials.
- Get-XDCredentials: Returns an XDCredentials object initialized from either credentials currently set as the default in the shell, or saved and associated with the supplied name from the credentials store. Optionally, the cmdlet can list the names of all credential profiles held in the store.
- Clear-XDCredentials: Clears the credential profile currently set as the default in the shell, or, if supplied with a name, deletes the specified credential profile from the credentials store.
The Get-XDAuthentication cmdlet has been enhanced to accept a ProfileName parameter to allow specification of a stored profile, or if a profile name is not specified, it searches the profile store for a profile named ‘default.’ A BearerToken parameter has also been added to allow a bearer token obtained from a previously successful Citrix Cloud logon to be passed, as another way to bypass manual authentication.
Note: Get-XDAuthentication replaces the old cmdlet Get-CWCAuthentication. If you have scripts invoking this cmdlet explicitly, you will need to update them. However, if the old cmdlet is invoked indirectly from another SDK cmdlet, no changes are required.
Create a default credential profile
The following command creates a default credential profile for customer “citrixdemo” that will bypass manual authentication in the current and all subsequent PowerShell sessions.
Set-XDCredentials -CustomerId “citrixdemo” -SecureClientFile “c:\temp\secureclient.csv” -ProfileType CloudAPI –StoreAs “default”
Create additional credential profiles
The following command creates a new credential profile named “test” for customer “citrixtest“, using a secure client for that customer.
Set-XDCredentials -CustomerId “citrixtest” -SecureClientFile “c:\temp\secureclient2.csv” -ProfileType CloudAPI –StoreAs “test”
The following command creates a new credential profile named “prod” for customer “citrixprod“, that requires manual authentication.
Set-XDCredentials -CustomerId “citrixprod” -ProfileType CloudCas –StoreAs “prod”
The following command lists the three stored credential profiles.
Get-XDCredentials -ListProfiles
Specify a credential profile
To run a script that uses a credential profile named “test“, first run the following command.
Get-XDAuthentication –ProfileName “test”
To run a script that uses a credential profile named “prod“, first run the following command.
Get-XDAuthentication –ProfileName “prod”
Run the following command to revert to using the default profile in the current session.
Clear-XDCredentials
Remove a credential profile
Run the following command to permanently remove the credential profile named “test“.
Clear-XDCredentials –ProfileName “test”
Reference
For further details on this topic, read the documentation at https://docs.citrix.com/en-us/xenapp-and-xendesktop/service/sdk-api.html
Download the Remote PowerShell SDK for the XenApp and XenDesktop Service from https://download.apps.cloud.com/CitrixPoshSdk.exe.
