Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSO and RDP

maxime_simard_
New Contributor
‎01-18-2010 10:29:AM
‎01-18-2010 10:29:AM

SSO and RDP

Is it possible with 6.4 to do SSO with constrained delegation on a windows RDP terminal session ?

Thanks

0 Kudos
7 REPLIES 7
BryGuy_
Occasional Contributor
‎01-18-2010 11:24:AM
‎01-18-2010 11:24:AM

Re: SSO and RDP

if you have setup SSO to the SSL as your LDAP username/password then you can link that in your terminal session username and password. When you create the session, add <USER> for the username and it will use the username they login with and then you can use <PASSWORD> for the variable password field.

0 Kudos
maxime_simard_
New Contributor
‎01-19-2010 04:06:AM
‎01-19-2010 04:06:AM

Re: SSO and RDP

thanks, but i want to know if it's possible with kerberos constrained delegation, like : a user log in with is RSA token and has access SSO to a rpd session on a machine on a domain. I dont think it's possible.

0 Kudos
SharkUSMC_
Not applicable
‎01-29-2010 06:53:AM
‎01-29-2010 06:53:AM

Re: SSO and RDP

Hi. Complete newbie here, but if I understand the question correctly, I have set this up on our domain. For just Windows authentication, we use the default sign-in page. For things requiring RSA access, we use an alternate sign in page that prompts for both Windows password and RSA info. Our RSA usernames match windows usernames. Users access this page via an alternate subdomain URL.

This way the user is presented with a prompt for a username, and 2 separate boxes for passwords. The first password is the Passcode for RSA, and the 2nd password box is for the Windows password. You can label them appropriately.

Then on the Bookmark to access the RDP session we pass the credentials as follows:

domain\<USER>

<PASSWORD[2]>

That prepends the domain name to the username, and selects the 2nd password entered (which is their Windows password) rather than the RSA Passcode.

I hope that helps.

0 Kudos
maxime_simard_
New Contributor
‎02-02-2010 06:50:AM
‎02-02-2010 06:50:AM

Re: SSO and RDP

Thanks, it would help, but unfortunatly, the users dont know their windows password, that's why i would like to use constrainend delegation. anyway, i dont think this is possible...

0 Kudos
stine_
Super Contributor
‎02-03-2010 08:49:PM
‎02-03-2010 08:49:PM

Re: SSO and RDP

If your authentication server is LDAP (to an RSA server), can the RSA server send back the appropriate fields (UPN, password) for your users? If so, then you'd need to use these variables for username/password for your SSO.

I don't have any experience doing this (my setup is just like the one described above, one userid, two passwords, 1 for windows and 1 for rsa pin+token).

If you seach the forum archives, i think you should be able to find an example of returning ldap parameters to the IVE.

Hope this helps.

0 Kudos
muttbarker_
Valued Contributor
‎02-05-2010 03:44:PM
‎02-05-2010 03:44:PM

Re: SSO and RDP

No it is not possible. At least not in 6.4 / 6.5. I would hope that this capability is on the roadmap. I really like what they did with adding the SSO templates for Web resources. It would be great to see it extended to terminal services.

0 Kudos
zanyterp_
Respected Contributor
‎02-19-2010 10:36:PM
‎02-19-2010 10:36:PM

Re: SSO and RDP

As mentioned by @muttbarker*** constrained delegation is web-only and cannot be used with terminal service bookmarks

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.