Microsoft Forefront Security Forums | ForefrontSecurity.ORG Knowledge Center | Online Platform | Forums | Community
Go back to www.ForefrontSecurity.ORG     ForefrontSecurity.org on LinkedIn
Welcome Guest Search | Active Topics | Log In | Register

How to use SSO with full desktop publishing?
Options View
Previous Topic Next Topic
Yev
#1 Posted : Saturday, September 18, 2010 9:29:27 PM(UTC)
Rank: Member
Groups: Registered

Joined: 7/29/2010(UTC)
Posts: 10
Points: 30
Location: Israel
Hi,

Running UAG 2010 with Update 1 on Win 2008 R2.

I have a RDS full desktop published for users that goes to a backend RDS farm with two RDS Session Hosts and one Broker.

Is it possible, and if so how, to use SSO with this configuration? There is an SSO option for RemoteApps but not for full desktop; which means that each user has to authenticate twice, once to the portal and second to the RDS.

Thanks,

Yev
Back to top
Sponsor  
 
Back to top  
Idan Plotnik
#2 Posted : Sunday, September 19, 2010 9:33:29 AM(UTC)
Rank: Administration

Groups: Registered, Administrators

Joined: 10/22/2008(UTC)
Posts: 779
Points: 2,351
Location: Israel
Hi Yev,
Welcome to our Forefront forums!
RDS does not support SSO for Remote Desktop only for RemoteApps BUT I started coding something with external command-line tool that can get username and password as parameters but I didn't finish, time problem :)
HTH
Idan Plotnik
Identity and Security Engineer
Forefront MVP

עידן פלוטניק
יועץ זהויות ואבטחת מידע
Back to top
WWW
cox
#3 Posted : Tuesday, October 05, 2010 6:12:41 PM(UTC)
Rank: Newbie
Groups: Registered

Joined: 10/5/2010(UTC)
Posts: 1
Points: 3
Location: France

Hello Yev, Idan

I am trying to do the same, use of SSO for publishing Remote Full Desktops on TS 2003 servers..

Idan, do you think your solution you are working on could be available soon? Do you think UAG team will release an update to make it available? (i thought update 2 would have fixed it.. but doesn't seem)

Thanks !

David

 
Back to top
ferrix
#4 Posted : Tuesday, October 05, 2010 11:38:40 PM(UTC)
Rank: Newbie
Groups: Registered

Joined: 10/4/2010(UTC)
Posts: 2
Points: 6
Location: USA
As I understand, the problem is pretty fundamental to how Microsoft has implemented authentication. Unlike some other solutions, there is no ticket generated in the web session that can be passed to the remoting software. So there's no secure way for mstsc to know who you are based on who is on the web page. It's kind of an epic oversight, but there you go.
Back to top
WWW
Idan Plotnik
#5 Posted : Wednesday, October 06, 2010 12:15:09 PM(UTC)
Rank: Administration

Groups: Registered, Administrators

Joined: 10/22/2008(UTC)
Posts: 779
Points: 2,351
Location: Israel

Depend how you define "soon" :)

We are working on the new ForefrontSecurity.org platform that will be avaliabe next week, ping me in two weeks

HTH

Idan Plotnik
Identity and Security Engineer
Forefront MVP

עידן פלוטניק
יועץ זהויות ואבטחת מידע
Back to top
WWW
Alfred
#6 Posted : Tuesday, October 26, 2010 11:54:07 AM(UTC)
Rank: Newbie
Groups: Registered

Joined: 10/26/2010(UTC)
Posts: 1
Points: 3
Location: Netherlands

Hi There,

We are currently using UAG and are very interested in SSO for RDS desktops. Did you make any progress?

Thanks.
Back to top
Oseborn
#7 Posted : Monday, April 23, 2012 4:49:10 PM(UTC)
Rank: Newbie
Groups: Registered

Joined: 4/23/2012(UTC)
Posts: 1
Points: 3
Location: Paris
Hello,
For your information : Single sign on (SSO) - Forefront UAG adds single sign-on functionality for RDS. The credentials provided by the user for session login can be used to authenticate to published RemoteApps and Desktop Connections.
Extracted from :
http://download.microsoft.com/download/1/8/9/189AE1DB-5819-41A8-A58D-EE9EA3FF401B/RDSSolution.docx
Back to top
WWW
 |  Edit by user
Users browsing this topic
Guest
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

ForefrontSecurity.ORG Design Team
Powered by YAF | YAF © 2003-2010, Yet Another Forum.NET
This page was generated in 0.686 seconds.