I have a simple RDS setup consist of :
server1: Remote Desktop Gateway, Remote Desktop Web, Remote Desktop Connection Broker (high availability mode)
server2: Session Host
server3: SQL(holds the DB for high availibility mode of server1) RD licensing
server1 has a trusted public wildcard cert used on all of the roles mentioned
RD Web on server 1 has been configured to do windows authentication per web.config in /RDWeb/Pages/
Server1 and Server2 are configured in credential delegation, Trusted internet site, etc... in group policy for all the domain joined workstations for Windows Authentication webpage login and allow CredSSP for the second hop connection to remote app.
Behavior: All domain joined workstation can windows authenticate to /RDWeb/Pages/en-us/Default.aspx
All domain joined workstation can open remote app and CredSSP provides the credential to the remote app without user entering additional credential
in RDWeb/Webclient html5:
Behavior: all domain joined workstation are prompted with username password prompt. Entering the domain credential allows user access to remote app without user entering additional credential.
Is the SSO for html5 webclient incomplete?