LAB–Remote Desktop SSO with RDGW
2. http://blogs.msdn.com/b/rds/archive/2007/05/04/single-credential-prompt-for-ts-gateway-server-and-terminal-server.aspx
==================================================================
http://blogs.msdn.com/b/rds/archive/2009/08/11/introducing-web-single-sign-on-for-remoteapp-and-desktop-connections.aspx
Web SSO with RD Gateway
Web SSO also works when RemoteApp programs are set to use RD Gateway regardless of whether RD Web Access accesses RemoteApp programs in RD Session Host mode or RD Connection Broker mode.
The configuration of Web SSO for RD Gateway assumes that:
- an RD Gateway is deployed
- a ‘Connection Authorization Policy’ is set to use password for the users connecting
- and the RD Gateway server is used by RemoteApp programs
More details on how to configure a ‘Connection Authorization Policy’ on RD Gateway can be found here.
The step below is needed regardless of the mode RD Web Access is configured. In case of RD Connection Broker mode, the step needs to be performed on each RD Session Host server which is added as a RemoteApp Source on RD Connection Broker Server.
Membership in the local Administrators group (or equivalent) on the RD Session Host server that you plan to configure is the minimum requirement to complete each of the following steps.
- On the RD Session Host server, open RemoteApp Manager. To open RemoteApp Manager, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click RemoteApp Manager.
- In the Actions pane of RemoteApp Manager, click RD Gateway Settings. (Or, in the Overview pane, next to RD Gateway Settings, click Change.)
- Select the Use these RD Gateway server settings.
- In the Server name box, click the FQDN of the RD Gateway server.
- In the Logon box, select the Ask for password (NTLM).
- Select the Use the same user credentials for RD Gateway and RD Session Host server check box.
- Click OK to close the RemoteApp Deployment Settings dialog box.
Web SSO in Windows Integrated Authentication
If RD Web Access is configured to use Windows Authentication, which is the Windows Server 2008 mode, instead of the default Forms Based Authentication (FBA), users will be prompted for credentials twice: once for the Windows Integrated Authentication for RD Web Access and again on the launch of the first RemoteApp in the RemoteApp and Desktop Connection. Thereafter on subsequent RemoteApp launch, SSO will work as it works in the FBA mode.
==================================================================
Comments
Post a Comment