RDG with ADFS Trust

  • Question

  • Hi all,

    I'm a bit confused right now as I'm not able to find a proper how-to or even an answer to my specific question. Maybe you guys can help:

    We are offering a SaaS application which has to be consumed via RD sessions. Therefore we are providing an RDG and also RDWeb.

    Right now we are trying to offer a trust solution (best would be SSO) via ADFS, as a lot of our customers are not willing to set up a classical one-way AD trust.

    Is it even possible to realize that via ADFS, and if so, is there any documentation around this case?

    Best Regards

    Daniel

    Wednesday, July 6, 2016 2:56 PM

All replies

  • ADFS will authenticate/validate the user for the AD and do a secure connection in https:433 by importing an SSL certificate. I think that will not have anything to do with the RD connection. That will have to be another role.

    Wednesday, July 6, 2016 4:07 PM
  • Wednesday, July 6, 2016 6:54 PM
  • Unfortunately not :)
    Tuesday, July 12, 2016 7:35 AM
  • Unfortunate indeed. Can you give us an update? What isn't matching? Or what isn't working?

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Tuesday, July 12, 2016 12:49 PM
  • I've set up a lab environment so far (and besides others were using the already posted guide).

    What I've done:

    - ADFS Server on both sides

    - RDS 2012R2 Remote Desktop Collection on Resource Forest

    - RDG/RDWeb

    - WAP

    So I've published RDWeb/RDG through WAP with ADFS pre-authentication. Since I've enabled Windows Authentication within RDWeb, I am able to SSO directly into RDWeb.

    But this just happens as my domain computer sends my credentials to ADFS and to RDWeb. But what I want is RDWeb getting credentials from ADFS.

    Thursday, July 14, 2016 8:20 AM
  • Can you elaborate when you write: "what i want is RDWeb getting credentials from ADFS". Authentication is driven by the client.



    Thursday, July 14, 2016 12:46 PM
  • So right now, if you are calling our RDWeb URL, your request gets handled by WAP and you will see an ADFS pre-authentication page.

    You are able to log in there, BUT this ADFS authentication is not being used by RDWeb. You get a token, but RDWeb still uses credentials sent by the client or just wants another login.

    What needs to be done that RDWeb (or RDG) uses the ADFS token to authenticate/authorize incoming logins?

    Wednesday, August 3, 2016 8:12 AM