locked
Remote Web SSO Issue RRS feed

  • Question

  • OS: Server 2008 R2

    Having an issue getting SSO working if it is possible to get the below scenario to work

    I have a VM i'm using with Remote Web installed, I have this as the connect point to all other applications.

    I have other terminal servers that host different apps, I have created self signed certs from all of these and installed them on the above VM.

    From remote app manager on each of these terminal servers I have created .rdp files and copied them to the above VM and added them into that machines remote web.

    I can launch all of these but it requires me to login 3 different times

    1) Remote Web Portal (I want this to be the only time the user has to supply credentials )
    2) Click on icon for app and asked for credentials again without a save password box
    3) Asked for credentials again with a box to remember credentials 

    Is there anyway to avoid all of this logging in?

    Thanks in advance

    Tuesday, July 16, 2013 3:16 PM

Answers

  • Hi,

    To take advantage of the new Web SSO feature, the client must be running Remote Desktop Connection (RDC) 7.0.

    In order for Web SSO to work:

    1The connection in RemoteApp and Desktop Connections must have an ID. By default, it is set to the Fully Qualified Domain Name (FQDN) of the RD Connection Broker server in case of RD Connection Broker mode. In RD Session mode, it is set to the FQDN of the RD Web Access server.

    2RemoteApp programs must be digitally signed using a Server Authentication certificate [Secure Sockets Layer (SSL) certificate]. The certificate Enhanced Key Usage section must contain ‘Server Authentication (1.3.6.1.5.5.7.3.1)’. More details about the types of certificates used to digitally sign RemoteApp programs can be found here.

    3Client operating systems must trust the certificate with which the RemoteApp programs are signed.

    Introducing Web Single Sign-On for RemoteApp and Desktop Connections:http://blogs.msdn.com/b/rds/archive/2009/08/11/introducing-web-single-sign-on-for-remoteapp-and-desktop-connections.aspx

    Clarence


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Tuesday, July 23, 2013 9:32 AM