Wednesday, January 6, 2010

Certificates and Web SSO

This post is adapted from the forthcoming Windows Server 2008 R2 Remote Desktop Services Resource Kit

Regarding the setup of Web SSO for use with the RD Web Access website:

The Web SSO feature alloows users to login to the RD Web Access Website, and then access RemoteApps published to the RD WEb Access website with no need for the user to supply credentials again (hence the name "Web Single Sign On" ;)

Check out the RDS Team Blog for an intro to this topic.

Web SSO requires signing certficates (SSL cert) be applied to each RDSH server (in RemoteApp Manager). MAKE SURE THESE CERTS are the EXACT SAME CERT for all farm members! Otherwise Web SSO will not work.

This is because the certificate is used for credential sharing, not just proving they are legit by a CA. The hash is looked at and it needs to be the same hash on each certificate.

This is also true if you are publishing Remoteapps from multiple farms. If you want the user to log in to RD WEb Access only once and be able to access RemoteApps from all farms without entering credentials again for each farm, then make the signing cert the same across all farms.

No comments:

Post a Comment