Forum Discussion

mawan_revera's avatar
mawan_revera
Icon for Altostratus rankAltostratus
Jun 23, 2019

SSO - RDP hosts

Hello ,

i am on F5 - 13.1.4 and am trying to setup sso for remote desktop - i have enabled sso when setting up desktop - but its still not signining on and asking for username and password - meaning - giving a prompt

logs indicate username - domain and password variables are set but still not working

 

Question - do i need to do a sso mapping (i thought that was not necessary)

2 - do i need to setup NTLM2 sso for this ?

 

thanks

 

  • > do i need to do a sso mapping (i thought that was not necessary)

     

    what variables are defined in rdp sso section?

     

    if source variables are session.sso.token.last.username and session.sso.token.last.password, you need to set these variables...

     

    sso credential mapping is a tool to do it but you can also do it with variable assign

     

    Rdp does not use NTLM sso.

     

    are you sure session.logon.last.domain is configured with NT domain name?

  • Thanks for the reply -

    i have added variable assign -

    session.logon.last.username = session.logon.last.username

    session.sso.token.last.password = expr { "[mcget session.logon.last.password1]" }

    session.logon.last.domain = expr {"RVM"}

     

    and i can see in th elogs as well (debug) - that

    _resource_remote_desktop./MGM/S01.domain' set to 'RVM'

    resource_remote_desktop./MGM/S01.password' set to '**********'

    resource_remote_desktop./MGM/S01.username' set to 'TESTUSEr'

     

    but still - get a logon prompt when i launch RDP

  • Did you set a ssl profile to the vs?

     

    if yes, don’t use APM default server ssl but serverssl.

     

    i got issues with sso because APM did not trust rdp server CA (not listes in trusted ca defined in this ssl profile)

  • Is the variable session.logon.last.password1 encrypted?

     

    In variable assign for password, set it as secured and use expression

     

    expr { "[mcget -secure session.logon.last.password1]" }