Remote Desktop (RD) Web Access Server (2012 R2) Integration Guide


Introduction

Use this guide to enable secure Single Sign-On (SSO) access via WS-Federation to Remote Desktop (RD) Web Access Server (2012 R2).

Prerequisites

1. Have RD Web Access Server (2012 R2) installed and operational
2. Create a New Realm in the SecureAuth IdP Web Admin for the RD Web Access Server integration
3. Configure the SecureAuth IdP realm to pass a UPN Claim to RD Web Access Server as the identity (Data Store Tab)

Windows Identity Foundation (WIF) Configuration Steps

Windows Identity Foundation (WIF) is the Microsoft framework used to build identity-aware applications. It is a core component that must be installed on both the RD Web Access and SecureAuth IdP servers before configuration.

Install WIF

1. To install WIF on the RD Web Access server, download WIF from Microsoft's Download Center. On Windows Server 2012 R2 and later, install it instead through the Add Roles and Features wizard (Windows Identity Foundation 3.5 feature)

Modify the c2wtshost.exe.config File

2. Run Notepad as Administrator and open C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe.config
3. Add the RD Web Access application pool identity to the existing <allowedCallers> list so that it reads:

    <allowedCallers>
      <clear />
      <add value="IIS APPPOOL\RDWebAccess" />
    </allowedCallers>

   This list is the only access control on C2WTS, which issues a Windows token for whatever UPN an allowed caller asks for, so list only the RD Web Access application pool identity here
4. Save the file

Enable the Claims to Windows Token Service (C2WTS)

5. On the RD Web Access server, open services.msc
6. In the list of services, right-click Claims to Windows Token Service and select Properties
7. Set the Startup type to Automatic
8. Click Start to begin the service

Set the Claims to Windows Token Service (C2WTS) to start after the Cryptographic Services service

Per Microsoft, make sure that the Cryptographic Services service is guaranteed to start before C2WTS by explicitly adding the following dependency to the service definition:

9. Open a command prompt as Administrator
10. Type sc config c2wts depend= CryptSvc (the space after depend= is required)
11. Select Start > Run > services.msc to open the Services console
12. Find the Claims to Windows Token Service
13. Open the Properties for the service
14. On the Dependencies tab, verify that Cryptographic Services is listed
15. Click OK
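The WIF and C2WTS steps above, scripted in PowerShell as an added example (this is not code from the SecureAuth guide). It assumes Windows Server 2012 R2 or later, an elevated prompt on the RD Web Access server, and that the RD Web Access application pool is named RDWebAccess and runs as ApplicationPoolIdentity; the backup path is the editor's choice.

```powershell
# Added example, not part of the original guide. Run elevated on the RD Web Access server.
# Assumptions: Server 2012 R2+, app pool "RDWebAccess" running as ApplicationPoolIdentity,
# so its Windows account is "IIS APPPOOL\RDWebAccess".
$ErrorActionPreference = 'Stop'

$poolName = 'RDWebAccess'
$poolUser = "IIS APPPOOL\$poolName"
$cfgPath  = 'C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe.config'

# Step 1: on 2012 R2+, WIF 3.5 is a Windows feature rather than a download.
if (-not (Get-WindowsFeature -Name Windows-Identity-Foundation).Installed) {
    Install-WindowsFeature -Name Windows-Identity-Foundation | Out-Null
}

# Check: the allowedCallers entry only matches if the pool really runs as
# ApplicationPoolIdentity; any other identity type needs that account listed instead.
Import-Module WebAdministration
$identityType = "$((Get-Item "IIS:\AppPools\$poolName").processModel.identityType)"
if ($identityType -ne 'ApplicationPoolIdentity') {
    throw "App pool $poolName runs as $identityType; list that account in allowedCallers instead of $poolUser"
}

# Steps 2-4: back up the config, then add the pool identity to <allowedCallers>.
# This list is the only access control on C2WTS, which hands out Windows tokens for any
# UPN it is asked for, so nothing but the RD Web Access pool belongs in it.
Copy-Item -Path $cfgPath -Destination "$cfgPath.bak" -Force      # assumed backup location
[xml]$cfg = Get-Content -Path $cfgPath -Raw
$callers = $cfg.SelectSingleNode('/configuration/windowsTokenService/allowedCallers')
if ($null -eq $callers) { throw "allowedCallers element not found in $cfgPath" }
$present = $callers.SelectNodes('add') | Where-Object { $_.GetAttribute('value') -eq $poolUser }
if (-not $present) {
    $add = $cfg.CreateElement('add')
    $add.SetAttribute('value', $poolUser)
    [void]$callers.AppendChild($add)
    $cfg.Save($cfgPath)
}

# Steps 5-10: automatic start, and start only after Cryptographic Services (CryptSvc).
# sc.exe requires the space after "depend="; plain "sc" in PowerShell is an alias for
# Set-Content, so the .exe suffix matters.
Set-Service -Name c2wts -StartupType Automatic
& sc.exe config c2wts depend= CryptSvc | Out-Null
if ($LASTEXITCODE -ne 0) { throw "sc.exe config failed with exit code $LASTEXITCODE" }
# C2WTS reads allowedCallers at start-up, so (re)start it after editing the config.
if ((Get-Service -Name c2wts).Status -eq 'Running') { Restart-Service -Name c2wts } else { Start-Service -Name c2wts }

# Steps 11-15: the same check the Dependencies tab in services.msc shows.
$svc  = Get-Service -Name c2wts
$deps = @($svc.ServicesDependedOn | ForEach-Object { $_.Name })
if ($deps -notcontains 'CryptSvc') { throw 'C2WTS does not depend on CryptSvc' }
$mode = (Get-CimInstance -ClassName Win32_Service -Filter "Name='c2wts'").StartMode
"C2WTS is $($svc.Status), start mode $mode, depends on: $($deps -join ', ')"
```

The identity-type check is the one most often skipped by hand: if the pool was changed to run as a domain service account, the "IIS APPPOOL\RDWebAccess" entry silently never matches and C2WTS refuses every token request from RD Web.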

SecureAuth IdP Configuration Steps

Important: These instructions expect the correct attributes to be passed to WSFedProvider.aspx. In some cases, however, it may be necessary to use the custom redirect page and pass the parameters directly (see Parameters Troubleshooting below).

Post Authentication

1. Select WS-Federation Assertion from the Authenticated User Redirect dropdown in the Post Authentication section. An unalterable URL (Authorized/WSFedProvider.aspx) is auto-populated in the Redirect To field; it is appended to the domain name and realm number in the address bar

User ID Mapping

2. Select Authenticated User ID from the User ID Mapping dropdown

SAML Assertion / WS Federation

3. Set the WSFed Reply To/SAML Target URL to https://<rdweb-fqdn>/rdweb/pages/
4. Set the WSFed/SAML Issuer to the Fully Qualified Domain Name (FQDN) of the SecureAuth IdP appliance followed by the RD Web Access integration realm, e.g. https://secureauth.company.com/secureauth2
5. Set the SAML Audience to urn:microsoft:rdweb. No configuration is required for the SAML Consumer URL or SAML Recipient fields
6. Leave the Signing Cert Serial Number and Assertion Signing Certificate as default unless using a third-party certificate; click Select Certificate to choose a different certificate
7. Download the Assertion Signing Certificate; it is used in the RD Web Access Configuration Steps below
8. In the Attribute 2 section, set Name to UPN
9. Set Namespace (1.1) to http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn
10. Select Basic from the Format dropdown
11. Select Authenticated User ID from the Value dropdown

Click Save once the configurations have been completed and before leaving the Post Authentication page to avoid losing changes.

(Optional) Parameters Troubleshooting

If parameters are not passed to the WSFedProvider.aspx page correctly during execution, change the Authenticated User Redirect to Use Custom Redirect, then set the Redirect To field to include the required parameters, for example:

    Authorized/WSFedProvider.aspx?wa=wsignin1.0&wtrealm=https%3a%2f%2f<rdweb-fqdn>%2fRDWeb%2fPages%2f&wctx=rm%3d0%26id%3dpassive%26ru%3d%252fRDWeb%252fPages%252f

Here wtrealm is the URL-encoded realm that RD Web Access sends in its WS-Federation sign-in request, and wctx is the URL-encoded context string rm=0&id=passive&ru=/RDWeb/Pages/ (the ru path is itself URL-encoded inside wctx, which is why its slashes appear as %252f).

RD Web Access Configuration Steps

Update the RDWebAccess Application Pool

1. Open the Internet Information Services (IIS) Manager
2. Click Application Pools
3. Right-click the RDWebAccess pool and select Advanced Settings
4. Set the Load User Profile option to True

Update the RD Web Access web.config

Make a backup of the existing web.config file before any modifications.

5. On the RD Web Access server, run Notepad as Administrator and open C:\Windows\Web\RDWeb\Pages\web.config
6. At the top of the file, directly after <configuration>, add the following lines (XML and .NET configuration are case-sensitive, so keep the casing shown):

    <!-- SecureAuth -->
    <configSections>
      <section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    </configSections>
    <!-- /SecureAuth -->

7. Under the <system.web> tag, add the following lines. They turn off ASP.NET request validation for the whole application so that the WS-Federation sign-in POST (an XML token in form data) is not rejected before the WIF module sees it:

    <!-- SecureAuth -->
    <httpRuntime requestValidationMode="2.0" />
    <pages validateRequest="false" />
    <!-- /SecureAuth -->

8. Under the <system.web> tag, modify or add the <authorization> and <authentication> tags so that they read as follows (anonymous users are denied, and authentication is left to the WIF modules rather than to ASP.NET):

    <!-- SecureAuth -->
    <authorization><deny users="?" /></authorization>
    <authentication mode="None" />
    <!-- /SecureAuth -->

9. Alter the <modules> tag to match:

    <modules runAllManagedModulesForAllRequests="true">

10. Within the <modules> section, add the following lines:

    <!-- SecureAuth -->
    <add name="WSFederationAuthenticationModule" type="Microsoft.IdentityModel.Web.WSFederationAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
    <add name="SessionAuthenticationModule" type="Microsoft.IdentityModel.Web.SessionAuthenticationModule, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="managedHandler" />
    <!-- /SecureAuth -->

11. Obtain the Thumbprint of the Assertion Signing Certificate downloaded from the SecureAuth IdP Web Admin earlier (SecureAuth IdP Configuration step 7); it is pinned in the <trustedIssuers> entry in the next step:

    a. Open the Assertion Signing Certificate and select the Details tab
    b. Copy the Thumbprint value and paste it into Notepad
    IMPORTANT: In Notepad, be sure to remove all spaces and change all letters to UPPERCASE

12. Under </runtime>, add the following lines, then replace the placeholders:

    - Replace the values between the @@@ markers in the issuer attribute of <wsFederation> and in the name attribute of the <trustedIssuers> entry with the FQDN of the SecureAuth IdP appliance and the RD Web Access-integrated realm, e.g. secureauth.company.com/secureauth2. This value must match the WSFed/SAML Issuer set in the SecureAuth IdP Web Admin (SecureAuth IdP Configuration step 4)
    - Replace <rdweb-fqdn> with the FQDN of the RD Web Access server
    - Replace the value between the @@@ markers in the thumbprint attribute with the Thumbprint from step 11
    - Delete the @@@ markers once the proper values are entered

    <!-- SecureAuth -->
    <microsoft.identityModel>
      <service>
        <audienceUris>
          <add value="urn:microsoft:rdweb" />
          <add value="@@@https://<rdweb-fqdn>/rdweb/pages/@@@" />
        </audienceUris>
        <securityTokenHandlers>
          <remove type="Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
          <add type="Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
            <sessionTokenRequirement useWindowsTokenService="true" />
          </add>
          <add type="Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
            <samlSecurityTokenRequirement mapToWindows="true" useWindowsTokenService="true" />
          </add>
        </securityTokenHandlers>
        <federatedAuthentication>
          <wsFederation passiveRedirectEnabled="true" issuer="@@@https://<secureauth-fqdn>/<rdweb-integrated-realm>/@@@" realm="@@@https://<rdweb-fqdn>/rdweb/pages/@@@" requireHttps="true" />
          <cookieHandler requireSsl="false" />
        </federatedAuthentication>
        <applicationService>
        </applicationService>
        <issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
          <trustedIssuers>
            <add thumbprint="@@@A1B2C3D4E5F6A1B2C3D4E5F6A1B2C3D4E5F6ABCD@@@" name="@@@https://<secureauth-fqdn>/<rdweb-integrated-realm>@@@" />
          </trustedIssuers>
        </issuerNameRegistry>
        <certificateValidation certificateValidationMode="None" />
      </service>
    </microsoft.identityModel>
    <!-- /SecureAuth -->

Two settings in this block are worth understanding before going live. certificateValidationMode="None" turns off chain and revocation checking of the IdP's signing certificate; a token is still accepted only if its signature verifies against a certificate whose thumbprint is pinned in <trustedIssuers>, so when the SecureAuth IdP's Assertion Signing Certificate is renewed, the thumbprint here must be updated or sign-in fails. requireSsl="false" on <cookieHandler> leaves the WIF session cookie without the Secure flag; since requireHttps="true" already confines sign-in to HTTPS, set requireSsl="true" unless RD Web Access must also serve the signed-in session over plain HTTP.

13. Save the web.config file

To test the configuration, access the RD Web Access server page URL directly or from the SecureAuth IdP realm. If a page showing application icons appears, then access into the RD Web Access application was successful.
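A check script for steps 1 through 13 and the test above, added here as an example (not code from the SecureAuth guide). It reads the thumbprint straight from the downloaded certificate instead of via Notepad, validates the web.config against it, and confirms that an anonymous request to RD Web Access is redirected to the IdP with a WS-Federation sign-in request. The certificate file path and the RD Web Access URL are assumptions for the example.

```powershell
# Added example, not part of the original guide. Run on the RD Web Access server after step 13.
# Assumptions: the paths and the URL below (the certificate file name is made up for this example).
$ErrorActionPreference = 'Stop'

$webConfig = 'C:\Windows\Web\RDWeb\Pages\web.config'
$certFile  = 'C:\Temp\secureauth-signing.cer'           # assumed download location of the Assertion Signing Certificate
$rdwebUrl  = 'https://rdweb.company.com/RDWeb/Pages/'   # assumed RD Web Access URL

# Steps 1-4: Load User Profile must be True on the RDWebAccess pool.
Import-Module WebAdministration
$pool = Get-Item 'IIS:\AppPools\RDWebAccess'
if ("$($pool.processModel.loadUserProfile)" -ne 'True') { throw 'Set Load User Profile = True on the RDWebAccess pool' }

# Step 11 without Notepad: X509Certificate2.Thumbprint is already uppercase hex with no spaces.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certFile)
$expectedThumb = $cert.Thumbprint
if ((Get-Date) -gt $cert.NotAfter) { Write-Warning "IdP signing certificate expired on $($cert.NotAfter)" }

[xml]$cfg = Get-Content -Path $webConfig -Raw
$svc = $cfg.SelectSingleNode('/configuration/microsoft.identityModel/service')
if ($null -eq $svc) { throw 'microsoft.identityModel/service section is missing from web.config' }

# Step 12: the pinned thumbprint must equal the certificate's, with no @@@ placeholders left behind.
$issuerAdd = $svc.SelectSingleNode('issuerNameRegistry/trustedIssuers/add')
if ($null -eq $issuerAdd) { throw 'trustedIssuers has no <add> entry' }
$thumb = $issuerAdd.GetAttribute('thumbprint')
if ($thumb -match '@@@' -or $issuerAdd.GetAttribute('name') -match '@@@') { throw 'Placeholders (@@@) still present in trustedIssuers' }
if ($thumb -ne $expectedThumb) { throw "trustedIssuers thumbprint $thumb does not match certificate thumbprint $expectedThumb" }

# The realm RD Web sends as wtrealm must also be an accepted audience, alongside urn:microsoft:rdweb.
$wsfed     = $svc.SelectSingleNode('federatedAuthentication/wsFederation')
$realm     = $wsfed.GetAttribute('realm')
$issuer    = $wsfed.GetAttribute('issuer')
$audiences = @($svc.SelectNodes('audienceUris/add') | ForEach-Object { $_.GetAttribute('value') })
foreach ($a in @('urn:microsoft:rdweb', $realm)) {
    if ($audiences -notcontains $a) { throw "audienceUris is missing $a" }
}
if ($wsfed.GetAttribute('requireHttps') -ne 'true') { throw 'wsFederation requireHttps should be true' }
$cookie = $svc.SelectSingleNode('federatedAuthentication/cookieHandler')
if ($null -eq $cookie -or $cookie.GetAttribute('requireSsl') -ne 'true') {
    Write-Warning 'cookieHandler requireSsl is not true: the WIF session cookie will be issued without the Secure flag'
}

# Test: an unauthenticated GET must be a 302 to the IdP issuer carrying wa=wsignin1.0 and wtrealm=<realm>.
# AllowAutoRedirect=$false makes the 3xx response come back instead of being followed.
$req = [System.Net.HttpWebRequest]::Create($rdwebUrl)
$req.AllowAutoRedirect = $false
$resp = $req.GetResponse()
try {
    $status   = [int]$resp.StatusCode
    $location = [string]$resp.Headers['Location']
} finally { $resp.Close() }
if ($status -ne 302) { throw "Expected a 302 redirect to the IdP, got HTTP $status" }
if (-not $location.StartsWith($issuer, [System.StringComparison]::OrdinalIgnoreCase)) { throw "Redirect goes to $location, not to issuer $issuer" }
# WIF percent-encodes wtrealm with lowercase hex (as in the guide's example), so compare case-insensitively.
$expectedRealm = 'wtrealm=' + [uri]::EscapeDataString($realm)
if ($location -notmatch 'wa=wsignin1\.0' -or $location.IndexOf($expectedRealm, [System.StringComparison]::OrdinalIgnoreCase) -lt 0) {
    throw "Sign-in request lacks wa=wsignin1.0 or ${expectedRealm}: $location"
}
"OK: web.config pins $expectedThumb, realm $realm, and $rdwebUrl redirects to $issuer"
```

If the final request returns the application icons page rather than a 302, the WIF modules are not running for the request (usually the <modules> entries or runAllManagedModulesForAllRequests were missed); a 500 with an "ID4175" message in the event log means the thumbprint in <trustedIssuers> does not match the certificate that signed the token.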