Enabling Single Sign-On On Terminal Servers Connections
Wednesday, 25 April 2007 by Michel Roth
The Terminal Services Team is on a blogging role! Way to go guys! Especially this latest article they wrote is really good. It details on how to enable Single Sign-on for pure Terminal Servers environments without third party tools. Now before you find a really high building to jump of because you did not know this was around, don't take it too hard because this kind of Single Sign-on only is supported on Vista and Longhorn. So you'd be kind of a "early adopter" if you'd have this running. In fact, to my knowledge it's not even possible to do this on a Windows Server 2003 Terminal Server environment without third party tools (TS Clients). If I recall correctly, you could do it with the Single Sign On RDP Client by WBIsoft but don't come crying to me if this doesn't work for you. Go cry at Mark's place. Or you could just wait it out until Longhorn Server:

"What are the limitations when using Single Sign-on (on Longhorn)?

• Single Sign-On works only when connecting from a Vista or Longhorn client machine to a Vista or Longhorn server.
• If the server you are connecting to cannot be authenticated via Kerberos or SSL certificate, Single Sign-On will not work. You can circumvent this restriction by enabling "Allow Default Credentials with NTLM-only Server Authentication" policy, though I would not recommend it. (NTLM-only Server Authentication does not confirm the server's identity. Sending your credentials to such server is dangerous.)
• If you have saved credentials for the target machine they take precedence over the current credentials.
• Single Sign-On works only when using domain user accounts. (Theoretically one can make it working for local accounts as well, but this is not an officially supported scenario.)
• If the Terminal Server connection is configured to go through a TS Gateway server then in some cases the settings of the TS Gateway server can override the TS Single Sign-on setting.

Be sure to read the entire article here.

Related Items:

Single Credential Prompt For TS Gateway Server And Terminal Server (6 May 2007)
Federation Reflection: A Better Way To Do Pass-Through Authentication? (7 November 2006)
Introducing Web Single Sign-On for RemoteApp and Desktop Connections (12 August 2009)
Stoneware Releases Citrix/Terminal Server SSO (27 February 2006)
RDP Client 6.0 FAQ (24 January 2007)
WBIsoft.com Releases XPtsFree: A "Free" Single Sign On Remote Desktop Client (5 June 2006)
SCB Solutions Releases Smart Card and Biometric Single Sign-On For Citrix (21 February 2006)
The New Citrix Authentication Landscape (6 December 2006)
10 Things I Hate About .... The RDP 6.0 Client (29 March 2007)
Citrix' Project Callisto Team Starts Blogging (24 November 2006)
Comments (0)
Show/Hide comment form