In working with customers lately we have seen a troubling trend. Many of them had worked long and hard to troubleshoot their WebSSO (Web Single Sign-On) issues, but to no avail. They were excited and hopeful to offer their own customers the ability to log on to a website once and then simply click a link to open any number of RemoteApps.
This was the promise of Remote Desktop Services and RemoteApp publishing in Windows Server 2008 R2. Instead, users end up getting prompted for credentials, and then prompted again. The administrators check and double-check settings and configurations, and everything checks out. Here is an example:
Bob gets prompted twice when he's in the office, but Sally sitting next to him does not.
Then Bob goes home and connects via the Remote Desktop Gateway and doesn't get prompted except at initial log on.
He comes into work the next day, and then gets double prompted again.
We have found a very simple fix that can be applied to many of these situations. It comes down to the handling of the cookie that is generated and sent back to the client when the user clicks an RDP link in Remote Desktop Web Access (RDWeb). In the JavaScript code used by the RDWeb page we are not doing any clean-up of the cookie. We expect the TSWAAuthClientSideCookie element in the transmission from the server to the client to be the first element in the cookie data being returned.
When it is not, we fail to provide the user credentials that were gathered at logon to the web page. The RDP client is then launched without credentials being presented to it, so the user is prompted for credentials again after having already provided them.
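The failure mode described above, as an added example (it is not the RDWeb code and not the change from the KB article): a lookup that only finds TSWAAuthClientSideCookie when it is the first cookie, next to one that finds it at any position. The function names and the sample cookie strings are constructed for illustration; only the cookie name comes from this post.

```javascript
// Added illustration. Function names and cookie values are constructed;
// only the cookie name TSWAAuthClientSideCookie comes from the post.
const COOKIE_NAME = "TSWAAuthClientSideCookie";

// Position-dependent lookup: succeeds only when the wanted cookie is the
// first name=value pair in the cookie string.
function getCookieFirstOnly(cookieString, name) {
  const prefix = name + "=";
  if (cookieString.indexOf(prefix) !== 0) {
    return null; // cookie exists further along, but is never found
  }
  const end = cookieString.indexOf(";");
  return cookieString.substring(prefix.length, end === -1 ? cookieString.length : end);
}

// Order-independent lookup: split into pairs, trim the whitespace that
// follows each ';', and compare the full cookie name exactly.
function getCookieAnyPosition(cookieString, name) {
  for (const pair of cookieString.split(";")) {
    const trimmed = pair.trim();
    const eq = trimmed.indexOf("=");
    if (eq === -1) continue; // not a name=value pair
    if (trimmed.substring(0, eq) === name) {
      return trimmed.substring(eq + 1); // value may itself contain '='
    }
  }
  return null;
}

// Constructed samples: the same cookie, in first and in second position.
const sallyCookies = "TSWAAuthClientSideCookie=Name=CONTOSO%5Csally; other=1";
const bobCookies = "ASP.NET_SessionId=abc123; TSWAAuthClientSideCookie=Name=CONTOSO%5Cbob";

for (const [user, cookies] of [["Sally", sallyCookies], ["Bob", bobCookies]]) {
  const fragile = getCookieFirstOnly(cookies, COOKIE_NAME);
  const robust = getCookieAnyPosition(cookies, COOKIE_NAME);
  console.log(user, "| first-only:", fragile === null ? "missing (second prompt)" : "found",
              "| any-position:", robust === null ? "missing" : "found");
}
```

A difference in cookie order between two browsers or two network paths is enough to make the first lookup succeed for one user and fail for another.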
The fix is simple and has already been published on the Web as pertaining to a different symptom. Here is the article in question:
977507 The "Connected" icon does not appear in the notification area when you connect to a remote application by using Remote Desktop Web Access on a computer that is running Windows Server 2008 R2
http://support.microsoft.com/default.aspx?scid=kb;EN-US;977507
The article covers editing the RenderScripts.js file, which is fairly simple and can be done in Notepad. We have seen this change fix many different WebSSO problems and other behavior involving multiple prompts when connecting to RDWeb and WebSSO.
So, if you are having trouble with WebSSO, give it a try.
That’s it for now on making your Web Single Sign-On experience better and better.
Thanks,
David John
Additional Information:
http://blogs.msdn.com/rds/archive/2009/08/11/introducing-web-single-sign-on-for-remoteapp-and-d...
http://blogs.msdn.com/b/rds/archive/2007/04/19/how-to-enable-single-sign-on-for-my-terminal-ser...
http://blogs.technet.com/b/askperf/archive/2008/02/21/ws2008-frontside-authentication-and-sso.a...