Saturday, September 12, 2009
Present-V Single Sign On (SSO)
Recently, I have worked with the interns to setup a cross domain Present-V POC, with the Exchange infrastructure on one domain and the windows clients & terminal server on another. Initially, winxp users need to keep logging in with password to launch remoteapp, while win7/vista users are able to launch remoteapp with Single Sign On (SSO). A deeper search reveals that SSO to Terminal Services 2008 uses the Credential Security Service Provider (CredSSP). CredSSP delegates credentials to defined target servers and is native to Windows Vista. Windows XP SP3 includes CredSSP but it is not enabled by default.
To enable SSO, here is the solution. Take note that SSO can only be used for password authentication (i.e. not smart card authentication)