SAML Remote Desktop Services Windows Server 2012R2

adfs, remote-desktop-services, saml, windows-server-2012-r2

I want to implement SAML for Remote Desktop Services on Windows Server 2012R2.

First, is it possible?

Then, I want to authenticate users from another AD with my RDS, like this architecture: https://technet.microsoft.com/en-us/library/dd807050(v=ws.11).aspx

At this point, I'm able to authenticate users with SSO on the same AD, but not with another.

Best Answer

Yes, I think it should work, although I haven't tested this so far. Create & configure an ADFS server on domain B, then create a claims provider trust on domain A so that domain A can accept the users' security tokens issued by domain B. Also consider the following:

  1. Network consideration: Whether the users of domain B access the claims-aware application from the intranet or the Internet, the Federation Service Names of domain A and domain B should resolve correctly. If you are using WAP, then the external federation service name should resolve to the IP of the WAP server. Port 443 should not be blocked by the firewall.

  2. Certificate consideration: The SSL certificates used in these two domains should be trusted in each domain and by the externally connecting clients.

For more details about the ADFS requirements to get it working, you can refer to the docs here:
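As an added example (not part of the answer above), the following PowerShell, run on the domain A ADFS server, checks the two considerations from the answer (name resolution and TCP 443 for both federation service names, plus whether each endpoint's SSL certificate chains to a trusted root) and then creates the claims provider trust from domain B's federation metadata. The host names fs.domaina.example and fs.domainb.example are placeholders; the matching relying party trust on the domain B side is assumed to be configured separately.

```powershell
# Placeholder federation service names for domain A and domain B (assumed, not from the answer)
$federationServices = @('fs.domaina.example', 'fs.domainb.example')

function Test-FederationEndpoint {
    param([string]$Fqdn)
    $ok = $true
    # 1. Name resolution: externally this must point at the WAP server's public IP
    $dns = Resolve-DnsName -Name $Fqdn -Type A -ErrorAction SilentlyContinue
    if (-not $dns) { Write-Warning "$Fqdn does not resolve"; $ok = $false }
    else { Write-Host "$Fqdn -> $($dns.IPAddress -join ', ')" }
    # 1b. TCP 443 must not be blocked by the firewall
    if (-not (Test-NetConnection -ComputerName $Fqdn -Port 443 -InformationLevel Quiet)) {
        Write-Warning "TCP 443 to $Fqdn is blocked"; $ok = $false
    }
    # 2. The SSL certificate presented by the endpoint must chain to a root trusted on this host
    $metadataUrl = "https://$Fqdn/FederationMetadata/2007-06/FederationMetadata.xml"
    try {
        $req = [System.Net.HttpWebRequest]::Create($metadataUrl)
        $req.GetResponse().Close()
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $req.ServicePoint.Certificate
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        if (-not $chain.Build($cert)) {
            $status = ($chain.ChainStatus | ForEach-Object { $_.StatusInformation }) -join '; '
            Write-Warning "Certificate for $Fqdn ($($cert.Subject)) is not trusted: $status"
            $ok = $false
        }
    } catch {
        # An untrusted certificate usually surfaces here as a TLS trust failure on GetResponse()
        Write-Warning "HTTPS request to $metadataUrl failed: $($_.Exception.Message)"; $ok = $false
    }
    return $ok
}

$allGood = $true
foreach ($fqdn in $federationServices) {
    if (-not (Test-FederationEndpoint -Fqdn $fqdn)) { $allGood = $false }
}
if (-not $allGood) { throw 'Fix the network/certificate issues above before creating the trust.' }

# Domain A accepts tokens issued by domain B: claims provider trust built from B's federation metadata
Add-AdfsClaimsProviderTrust -Name 'Domain B' `
    -MetadataUrl 'https://fs.domainb.example/FederationMetadata/2007-06/FederationMetadata.xml'
```

Run it from an elevated PowerShell session that has the ADFS module loaded; the pre-flight checks are read-only and can be repeated from a WAP or external client (without the final cmdlet) to confirm the externally resolved name and certificate.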
