I am attempting to follow the instructions listed at blogs.msdn.com/b/rds/archive/2012/06/25/remote-desktop-web-access-single-sign-on-now-easier-to-enable-in-windows-server-2012.aspx in order to get Web Based SSO to work on a new Terminal Server running 2012. I have managed to get SSO to work with RDP fairly easily, but I cannot get this to work over web with the same machines.

The desktop I'm testing with is Windows 8, and the Terminal Server is the acting Session Host and Connection Broker. The machine is added to Group Policy for Delegating Default credentials, and Use RD Gateway Credentials and bybass Gateway for local machines are both enabled. Can anyone give me some advise or insight as to what I could have potentially missed

Hi,

Are you using desktop IE to connect to RDWeb with the RDP Activex add-on enabled?

Are you using ssl certificates for the various RDS purposes that are issued from a trusted public authority such as GeoTrust, GoDaddy, Thawte, Comodo, Globalsign, Symantec, etc?

Please describe the behavior you are seeing.

Thanks.

-TP

I'm using the Desktop IE, the rdp activeX in installed and running, and the SSL certificates are signed by Digicert.

In terms of behaviour, when I browse to the address, I get a page with a login prompt and password field, with just the Domain filled in

WebSSO means you need to logon to the RDWeb page once and you should not have to enter credentials again. It does not allow you to bypass the RDWeb logon page entirely. 

Hi,

Is it possible to provide a screen shot of what you are seeing ?

Have you added the RDS website to the trusted sites in IE ?

Try resetting your IE settings and allow the active x control, Please see below:

• Reset the internet explorer settings to the default configuration by navigating to advanced internet options settings.
• Load the Remote Desktop website from internet explorer browser.
• You should then be prompted with a popup stating the webpage wants to run the following add-on: Microsoft Remote Desktop Services Web Access Con.. from Microsoft Corporation.
• Allow this.
• You can check whether the add-on is enabled by navigating to manage add-ons within the options menu. Look for the MsRdpClientShell Class ActiveX Control version 6.2.9200.16398.

You should then be able to load the Remote Desktop services 2012 website and launch remote apps and desktops using single sign on (SSO)

http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/f089964d-758f-4982-889b-fc536ddb3c05

Best Regards,

Thats rather a shame; We were hoping this would be able to use our users domain credentials as a full SSO solution. However, if this is the case, nevermind, and thanks for a prompt response and assistance

Hi,

If you would like to use windows authentication (instead of forms auth), then you need to edit the RDWeb's web.config file, by default located here:

C:\Windows\Web\RDWeb\Pages

Instructions for enabling windows authentication are in the file.  Windows authentication needs to be enabled in IIS if it is not already.

Once you have all the pieces configured properly users will not need to enter credentials when they browse to RDWeb.

-TP