Forum Discussion

The-messenger_1's avatar
The-messenger_1
Icon for Nimbostratus rankNimbostratus
Mar 24, 2017

Remote desktop application - sso drops domain

I have configured Remote Desktops under Application Access, in the configuration I selected Single Sign-on. I created an Access Policy, assigned the Advanced resource. All is good except the domain information is dropped for single sign-on. If I don't select single sign-on, I get the expected results, I must sign-in, the domain is present, just need to enter the user name.

 

Is there something I need in the access policy, as well as the application configuration for the domain?

 

I'm running 12.1.2

 

application delivery
BIG-IP Access Policy Manager (APM)

6 Replies

  • kunjan's avatar
    kunjan
    Icon for Nimbostratus rankNimbostratus
    Mar 24, 2017

    When you do sessiondump do you see the session.logon.last.domain value? Is it captured during logon?

     

    • The-messenger's avatar
      The-messenger
      Icon for Cirrostratus rankCirrostratus
      Mar 24, 2017

      Thanks kunjan - your thought is correct, I am not capturing the domain during logon. I believe I should see the domain when I do a sessiondump and grep sessionkey.session.logon.last.username|sessionkey.session.logon.last.domain I get the username but not the domain name.

       

    • The-messenger's avatar
      The-messenger
      Icon for Cirrostratus rankCirrostratus
      Mar 24, 2017

      With 12.1 and the sso addition to the remote desktop application config, I didn't think I would need a variable-assign to grab the domain. Just to see if that was the issue, I tried adding a variable assign to grab the domain name session.logon.last.domain = expr { "domainname" }. RDP is still trying to use the local desktop name as the domain name.

       

       

  • kunjan_118660's avatar
    kunjan_118660
    Icon for Cumulonimbus rankCumulonimbus
    Mar 24, 2017

    When you do sessiondump do you see the session.logon.last.domain value? Is it captured during logon?

     

    • The-messenger's avatar
      The-messenger
      Icon for Cirrostratus rankCirrostratus
      Mar 24, 2017

      Thanks kunjan - your thought is correct, I am not capturing the domain during logon. I believe I should see the domain when I do a sessiondump and grep sessionkey.session.logon.last.username|sessionkey.session.logon.last.domain I get the username but not the domain name.

       

    • The-messenger's avatar
      The-messenger
      Icon for Cirrostratus rankCirrostratus
      Mar 24, 2017

      With 12.1 and the sso addition to the remote desktop application config, I didn't think I would need a variable-assign to grab the domain. Just to see if that was the issue, I tried adding a variable assign to grab the domain name session.logon.last.domain = expr { "domainname" }. RDP is still trying to use the local desktop name as the domain name.