Hi,
I'm building Web Application Proxy with ADFS Preauth for RD Web and Gateway. Can anybody help with these 3 questions:
- ADFS:
What is the best way to configure Relying Party Trusts in ADFS for RD Web and Gateway?
- RD Web:
If I configure RD Web for Windows integrated authentication, then I can log on to ADFS and successfully access the RD Web page; however, no credentials are passed through to the client for connecting via RD Gateway.
If I configure RD Web for forms-based authentication then I have to log on twice; however, it appears to set a TSWAAuthHttpOnlyCookie cookie correctly and credentials are passed through to the client for connecting via RD Gateway.
How do I achieve SSO for both RD Web and RD Gateway?
- RD Gateway:
I can't get gateway to work through WAP. I am wondering if this might be because it is attempting to authenticate with NTLM instead of Kerberos? I get repeated auth popups with "the logon attempt failed". Nothing useful in the Web Application Proxy log. In the headers below, extracted from Fiddler, my WAP is 'rdsext.lab.local'.
About the only doco I've found on this is here: https://technet.microsoft.com/en-us/library/dn765486.aspx
Any assistance appreciated!
Simon.
RDG_OUT_DATA https://rdsext.lab.local/remoteDesktopGateway/ HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Accept: */*
Cookie: TSWAAuthClientSideCookie=Name=lab%5Ctestuser&MachineType=public&WorkSpaceID=CB1.lab.local
User-Agent: MS-RDGateway/1.0
RDG-Connection-Id: {9DB5E643-DA7E-4D22-89FF-F6AB061CFBDE}
RDG-Correlation-Id: {6BB275E1-B8E1-44EE-B45C-ABE1BCA00000}
RDG-User-Id: dAB0AEAAcwBsAGEAYgA=
Host: rdsext.lab.local
Authorization: NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGA4AlAAAADw==
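
Added example, not part of the original post: a small Python helper that decodes an Authorization header like the one in the capture above and reports which mechanism the client offered (raw NTLM, or a GSS-API/SPNEGO token under Negotiate) and, for NTLM, the message type and client version. The function name and the returned field names are assumptions made for this illustration.

```python
import base64
import struct

# Authorization header value copied from the capture in the post.
CAPTURED_AUTH = "NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGA4AlAAAADw=="

NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}
NEGOTIATE_VERSION = 0x02000000  # flag: an 8-byte version field is present


def describe_authorization(value):
    """Classify an HTTP Authorization header value (hypothetical helper)."""
    scheme, _, token = value.strip().partition(" ")
    info = {"scheme": scheme}
    if scheme.lower() not in ("ntlm", "negotiate") or not token:
        return info  # e.g. Basic or Bearer: nothing further to decode here
    raw = base64.b64decode(token.strip(), validate=True)
    if raw[:8] == b"NTLMSSP\x00" and len(raw) >= 12:
        # NTLM message: 8-byte signature, then a little-endian message type.
        info["mechanism"] = "NTLM"
        (msg_type,) = struct.unpack_from("<I", raw, 8)
        info["message"] = NTLM_TYPES.get(msg_type, "unknown")
        if msg_type == 1 and len(raw) >= 16:
            (flags,) = struct.unpack_from("<I", raw, 12)
            info["flags"] = hex(flags)
            # Type 1 layout: domain fields at 16, workstation fields at 24,
            # version (major, minor, build) at 32 when the flag is set.
            if flags & NEGOTIATE_VERSION and len(raw) >= 40:
                info["client_version"] = struct.unpack_from("<BBH", raw, 32)
    elif raw[:1] == b"\x60":
        # ASN.1 application tag that opens an initial GSS-API/SPNEGO token.
        info["mechanism"] = "GSS-API/SPNEGO"
    else:
        info["mechanism"] = "unrecognised"
    return info


if __name__ == "__main__":
    for key, val in describe_authorization(CAPTURED_AUTH).items():
        print(f"{key}: {val}")
```

Run against the captured header, this reports an NTLM NEGOTIATE (type 1) message, that is, the first leg of an NTLM handshake rather than a Negotiate token.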