The user logon workflow in Storefront is different to webinterface.













1. User enters username and password. This is sent to the StoreFront server.

2. The authentication service of StoreFront fetches the user credentials and validates them with a domain controller. StoreFront servers must reside either within the Active Directory domain containing the user accounts or  within a domain that has a trust relationship with the user accounts domain. All the StoreFront servers in a group must reside within the same domain.

3. StoreFront checks the data store for existing user subscriptions and stores them in memory.

4. StoreFront forwards the user credentials as part of a XML query to the backend systems, such as XenApp, XenDesktop, App Controller or VDI-in-a-Box sequentially. In this case the credentials are sent to the XenDesktop Controller which is the sole resource configured.

5. The XenDesktop Controller validates the user credentials with a domain controller.

6. After a successful validation the XenDesktop Controller checks which resources have been published to this user within its database.

7. The XenDesktop Controller sends an XML response to Web Interface / StoreFront which contains all resources available for the user from the XenDesktop site.

8. StoreFront sends the list of available Resources including the existing subscriptions to the Citrix Receiver installed locally or displays them in Receiver for Web.
Now the user can start any published resource.

Source: Citrix