Remote desktop html5 webclient windows authentication



I have a simple RDS setup consist of :

server1: Remote Desktop Gateway, Remote Desktop Web, Remote Desktop Connection Broker (high availability mode)
server2: Session Host
server3: SQL(holds the DB for high availibility mode of server1) RD licensing

server1 has a trusted public wildcard cert used on all of the roles mentioned

RD Web on server 1 has been configured to do windows authentication per web.config in /RDWeb/Pages/

Server1 and Server2 are configured in credential delegation, Trusted internet site, etc... in group policy for all the domain joined workstations for Windows Authentication webpage login and allow CredSSP for the second hop connection to remote app.

in RDWeb:
Behavior: All domain joined workstation can windows authenticate to /RDWeb/Pages/en-us/Default.aspx
All domain joined workstation can open remote app and CredSSP provides the credential to the remote app without user entering additional credential

in RDWeb/Webclient html5:
Behavior: all domain joined workstation are prompted with username password prompt. Entering the domain credential allows user access to remote app without user entering additional credential.

Is the SSO for html5 webclient incomplete?

Remote Desktop
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
3,976 questions
{count} votes

1 answer

Sort by: Most helpful
  1. 2023-05-04T12:35:59.68+00:00

    The answer is no. Credential Delegation with CredSSP is not supported in the HTML5 web client. It seems that it should be easy to do SAML2 or OpendID Connect, but it's not implemented by Microsoft.

    Until Microsoft make that connection, check this out:

    0 comments No comments