Forum Discussion

SLChamberlin
Mar 06, 2019

Kerberos auth for Microsoft Remote Desktop Services?

Client has v13 APM frontend to Microsoft RDS Web Access on Windows 2016. Currently using APM policy with AD Auth and SSO. They want to move to SAML (APM SP, Ping IdP) in place of AD Auth. That breaks the SSO as APM no longer captures the password. Was hoping to use delegated Kerberos SSO but it is not a selection option for RDS. There is a "Standalone Client Settings" with "Kerberos SSO Configuration" option. Selecting a Kerberos SSO configuration there does not seem to do anything. Looking at APM logs set to debug, there are no Kerberos entries for the session. Am I missing something? Does it only apply to Session Host? Or is Kerberos to RDS not supported period?

 

2 Replies

  • Hi. I have the exact same question. I've set up APM as an OAuth service provider to provide the users an RDP gateway webtop, and am successfully "authenticating" Azure AD users. I'm also successfully getting a Kerberos ticket for the user via constrained delegation, so the user is single-signed on to the RDS web feed. But when users start the native RDP client, the SSO stops. I would also like to get the Kerberos ticket sent to the session host. Did you solve this in any way?

     

    • boneyard

      Looking at a similar situation, can't find too much on SSO for native RDP configuration.