Forum Discussion
NimbostratusKerberos auth for Microsoft Remote Desktop Services ??
Client has v13 APM frontend to Microsoft RDS Web Access on Windows 2016. Currently using APM policy with AD Auth and SSO. They want to move to SAML (APM SP, Ping IdP) in place of AD Auth. That breaks the SSO as APM no longer captures the password. Was hoping to use delegated Kerberos SSO but it is not a selection option for RDS. There is a "Standalone Client Settings" with "Kerberos SSO Configuration" option. Selecting a Kerberos SSO configuration there does not seem to do anything. Looking at APM logs set to debug, there are no Kerberos entries for the session. Am I missing something? Does it only apply to Session Host? Or is Kerberos to RDS not supported period?
VegardMa_217967Hi. I have the exact same question. I've set up APM as a oauth service provider to provide the users a rdp gateway webtop, and are successfully "authenticating" azuread users. I'm also successfully getting a kerberos ticket for the user via contrained delegation so the user are single-signed on to the rds web feed. But when users are starting the native rdp client the SSO stops. I would also like to get the kerberos-ticket sent to the session host. Did you solved this in any way?
- boneyard
MVP
looking at a similar situation, can't find too much on SSO for for native RDP configuration.
