This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 45%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKQ%3C/text%3E%3C/svg%3E)
hi,
I have a simple RDS setup consist of :
server1: Remote Desktop Gateway, Remote Desktop Web, Remote Desktop Connection Broker (high availability mode)
server2: Session Host
server3: SQL(holds the DB for high availibility mode of server1) RD licensing
server1 has a trusted public wildcard cert used on all of the roles mentioned
RD Web on server 1 has been configured to do windows authentication per web.config in /RDWeb/Pages/
Server1 and Server2 are configured in credential delegation, Trusted internet site, etc... in group policy for all the domain joined workstations for Windows Authentication webpage login and allow CredSSP for the second hop connection to remote app.
in RDWeb:
Behavior: All domain joined workstation can windows authenticate to /RDWeb/Pages/en-us/Default.aspx
All domain joined workstation can open remote app and CredSSP provides the credential to the remote app without user entering additional credential
in RDWeb/Webclient html5:
Behavior: all domain joined workstation are prompted with username password prompt. Entering the domain credential allows user access to remote app without user entering additional credential.
Is the SSO for html5 webclient incomplete?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 41%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJW%3C/text%3E%3C/svg%3E)
I also have asked Microsoft about SSO support for the html5 webclient as the Zero Trust framework that Microsoft is talking about needs it.
The https://<hostname>/RDweb has SSO support but the HTML5 web client https://<hostname>/RDweb/webclient does not appear to have support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 52%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB2%3C/text%3E%3C/svg%3E)
Hi,
I am using RD Web and the new HTML5 web client. It's working great, however I am looking for a way to eliminate the need to manually enter a username and password (.../RDweb/webclient). Has anyone been able to get this working with crendential delegation or Single Sign On?
The answer is no. Credential Delegation with CredSSP is not supported in the HTML5 web client. It seems that it should be easy to do SAML2 or OpendID Connect, but it's not implemented by Microsoft.
Until Microsoft make that connection, check this out:
