
Just wondering if someone could help me out on how to enable SSO when launching RemoteApps. I followed some instructions on the net but it does not seem to work.

What I did was the following: I created a certificate from my IIS7 and imported it as a digital signature to my RemoteApp. When I try running the RemoteApp from the TS Gateway (i.e. I'm physically RDP'd to it), SSO works and my app launches automatically. However, when I open IE from another computer in the network or outside the network, the TS Web opens and my users authenticate to it, but when launching the RemoteApp they are prompted once again to log in. Since the RemoteApp requires user authentication, my users will get annoyed if they have to type their username/passwords 3 times. Any thoughts on how to allow SSO to work, especially from the internet? I really don't want to purchase a certificate from a trusted vendor, so I was thinking of publishing the certificate myself to the users.

Thanks

Royer
  • Describe the client computers, what OS, are they on the domain, etc. – Bret Fisher Aug 02 '12 at 23:28
  • The environment consists of 3 servers: 1 server for the TS Gateway / TS Web Access, 1 server for TS RemoteApp, and 1 server as a DC. All servers are Windows 2008 Server R2 Standard Edition, fully patched. The client is Windows 7 with all updates and it's connecting from home. The client goes to the website where they authenticate and launch the RemoteApp. – Royer Aug 03 '12 at 16:34

2 Answers


If they are not on the domain, I'm rather confident there is no way to pass through creds from web login to RDP. All the Web Access does is dynamically create a .RDP file that you download on the fly. If they were domain joined, maybe, but not from a workgroup "home" computer. Web Access does not support (without writing ASP.NET code) taking your web form logon and copying it into the .RDP file that you get when you click an app.

The best you can hope for, if you must use the Web Access feature, is once at the web form; then if you have a public (purchased) SSL cert they won't get a warning before RDP requires its own NLA login prompt.

You'd need Citrix Web Access to get that true one-time login.

Bret Fisher

I got it to work :) SSO does work when connecting from outside the domain. What I did was create a certificate. Then I imported the certificate to the gateway and used the same certificate and imported it to the RemoteApp by signing it as a digital signature. Once that was done, I then took the same certificate to a client computer and installed it to the "Trusted Root Certification Authority". Once the certificate was imported to the client computer, I then authenticated to the TS Gateway and from there the RemoteApp was launched without prompting for a 2nd Windows authentication.

Royer
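
The signing step described in the answer above can be checked on the .rdp file that Web Access hands out. This added example (not part of the original posts) parses a constructed sample file and reports whether it carries a signature, which connection settings the `signscope` leaves uncovered, and whether `promptcredentialonce` is set. The host names and the list of settings to require are assumptions, and the signature is not verified cryptographically.

```python
# Added example: audit a .rdp file for signing and SSO-related settings.
# SAMPLE_RDP is constructed for illustration; host names are placeholders.
SAMPLE_RDP = """\
full address:s:ts-app.example.test
gatewayhostname:s:ts-gw.example.test
gatewayusagemethod:i:1
gatewaycredentialssource:i:0
promptcredentialonce:i:1
remoteapplicationmode:i:1
remoteapplicationprogram:s:||ExampleApp
signscope:s:Full Address,GatewayHostname,GatewayUsageMethod,PromptCredentialOnce,RemoteApplicationProgram,RemoteApplicationMode
signature:s:PLACEHOLDER
"""

# Assumption: settings that decide where the client connects and what it runs.
MUST_BE_SIGNED = ("full address", "gatewayhostname", "gatewayusagemethod",
                  "gatewaycredentialssource", "remoteapplicationprogram")


def parse_rdp(text):
    """Parse 'name:type:value' lines into a dict keyed by lowercase name."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)  # value may itself contain ':'
        if len(parts) == 3 and parts[1] in ("s", "i", "b"):
            settings[parts[0].lower()] = parts[2]
    return settings


def audit_rdp(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    s = parse_rdp(text)
    findings = []
    scope = set()
    if not s.get("signature"):
        findings.append("unsigned: no signature field")
    else:
        # signscope lists the names of the settings the signature covers.
        scope = {n.strip().lower()
                 for n in s.get("signscope", "").split(",") if n.strip()}
    for key in MUST_BE_SIGNED:
        if key in s and key not in scope:
            findings.append("not covered by signature: " + key)
    if s.get("promptcredentialonce") != "1":
        findings.append("promptcredentialonce is not 1: gateway credentials "
                        "are not reused for the remote computer")
    return findings


if __name__ == "__main__":
    for finding in audit_rdp(SAMPLE_RDP):
        print(finding)
```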