Problem with auto sign-on and RDP

Unanswered Question
Jul 13th, 2010

I've searched and found a few ideas on this subject and still no luck after trying them all.  I have my vpn users authenticated through active directory and am simply trying to accomplish single sign-on through the RDP plug-in to a Server 2003 box.  Users are authenticated to WebVPN page fine.  I also have a link to our OWA and have single sign-on working for that.  The RDP plug-in works, and by default passes the username through, but I can't seem to find a straight answer as to getting the password through.  Is the csco_sso=1 all that is needed added to the bookmark (along with auto sign-on entry under webvpn) or does there need to be POST parameters?  Nothing I've tried works and if I include any POST parameters I get a "Can not find server .plugins. or DNS error" message.  I've tried without POST parameters and just the csco_sso=1 and at least I get the log on screen but no auto sign-on.  I've tried using the host name and IP in both bookmark and webvpn auto sign-on entries and no luck.  Extremely frustrating but probably pilot error.  Any help is greatly appreciated.  Thanks in advance.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Todd Pula Tue, 07/13/2010 - 12:26

All you should require is the csco_sso=1 switch on the bookmark in order to provide SSO capabilities for the RDP plug-in.  In my lab setup, I have the RDP plugin installed on an ASA5520 running 8.0.5.  The plug-in version is dated September 15, 2009.  I am using a simple bookmark such as the following:


After entering my LDAP credentials and authenticating to the portal, I click on the bookmark and it executes the Java applet in a secondary window.  If I don't include my user account in the AD group associated with RDP access on my server, I get an authentication error and the window closes.  If I do include my user account, the RDP session logs in without issue and I am not prompted for secondary credentials.  Please confirm your configuration as well as the post the version of ASA code and java plug-in that you are using.

alig.norbert Mon, 12/27/2010 - 13:09


could you post the bookmark & POST for the SSO with OWA? I got some trouble with mines....



Todd Pula Tue, 12/28/2010 - 11:58

Please see the attached screenshot for an OWA 2007 example.  Depending on your implementation, you may need to use a tool such as HTTP Watch in order to view the POST data.  This will enable you to see what parameters your OWA server is expecting in the POST.  You will then use this info to configure the bookmark accordingly.


alig.norbert Wed, 12/29/2010 - 22:57

Hi Todd,

thanks.... I had run http-analyzer but missed "http:///owa/auth/owaauth.dll.

It works now like a champ...




This Discussion