Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
950
Views
5
Helpful
4
Replies

Problem with auto sign-on and RDP

capnkirk2112
Level 1
Level 1

‎07-13-2010 11:39 AM

I've searched and found a few ideas on this subject and still no luck after trying them all.  I have my vpn users authenticated through active directory and am simply trying to accomplish single sign-on through the RDP plug-in to a Server 2003 box.  Users are authenticated to WebVPN page fine.  I also have a link to our OWA and have single sign-on working for that.  The RDP plug-in works, and by default passes the username through, but I can't seem to find a straight answer as to getting the password through.  Is the csco_sso=1 all that is needed added to the bookmark (along with auto sign-on entry under webvpn) or does there need to be POST parameters?  Nothing I've tried works and if I include any POST parameters I get a "Can not find server .plugins. or DNS error" message.  I've tried without POST parameters and just the csco_sso=1 and at least I get the log on screen but no auto sign-on.  I've tried using the host name and IP in both bookmark and webvpn auto sign-on entries and no luck.  Extremely frustrating but probably pilot error.  Any help is greatly appreciated.  Thanks in advance.

Labels:
0 Helpful
4 Replies 4

Todd Pula
Level 7
Level 7

‎07-13-2010 12:26 PM

All you should require is the csco_sso=1 switch on the bookmark in order to provide SSO capabilities for the RDP plug-in.  In my lab setup, I have the RDP plugin installed on an ASA5520 running 8.0.5.  The plug-in version is dated September 15, 2009.  I am using a simple bookmark such as the following:

rdp://11.11.11.11/?DesiredColor=4&DesiredHRes=1024&DesiredVRes=768&csco_sso=1

After entering my LDAP credentials and authenticating to the portal, I click on the bookmark and it executes the Java applet in a secondary window.  If I don't include my user account in the AD group associated with RDP access on my server, I get an authentication error and the window closes.  If I do include my user account, the RDP session logs in without issue and I am not prompted for secondary credentials.  Please confirm your configuration as well as the post the version of ASA code and java plug-in that you are using.

0 Helpful

alig.norbert
Level 4
Level 4

‎12-27-2010 01:09 PM

Hi,

could you post the bookmark & POST for the SSO with OWA? I got some trouble with mines....

Thanks,

Norbert

0 Helpful

Todd Pula
Level 7
Level 7
In response to alig.norbert

‎12-28-2010 11:58 AM

Please see the attached screenshot for an OWA 2007 example.  Depending on your implementation, you may need to use a tool such as HTTP Watch in order to view the POST data.  This will enable you to see what parameters your OWA server is expecting in the POST.  You will then use this info to configure the bookmark accordingly.

Todd

Preview file
14 KB

alig.norbert
Level 4
Level 4
In response to Todd Pula

‎12-29-2010 10:57 PM

Hi Todd,

thanks.... I had run http-analyzer but missed "http:///owa/auth/owaauth.dll.

It works now like a champ...

Greets,

Norbert

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents