
Credential Provider - RDP SSO support

Starting with version 3.6, the Credential Provider (CP) supports RDP authentication using Veridium CP and single sign-on (SSO).

See video for User Experience:

Configuration:

  • Veridium Credential Provider must be installed on both the Windows client and the server machine (the machine users are connecting to).

  • On the server machine, the following registry values must be set:

    CODE
    [HKEY_LOCAL_MACHINE\SOFTWARE\VeridiumID\VeridiumAD]
    "EnableRDPSSO"=dword:00000001
    "EnableShellExtension"=dword:00000001

  • The Veridium RA server must also be at least version 3.6. The following keys are mandatory in the RA Web.config:

    CODE
    <add key="bopsValidateTokenOnline" value="true" />  
    <add key="UseEnrollmentAgent" value="true" />  
    <add key="AddAccountName" value="false" />

  • The Windows Event Log entry for the VeridiumRA get-certificate operation contains the following information:

    CODE
    {
      "Module": "VeridiumRA",
      "Method": "POST:api/BopsCertificate",
      "UPN": ";MSKSP;CX;NOCACHE",
      "EVENT_SOURCE": "VeridiumRA",
      "ThreadID": 24,
      "Messages": [
        {
          "variable": "Info",
          "value": "ValidateTokenRequest - Check Identity token format JSON"
        },
        {
          "variable": "Info",
          "value": "ValidateTokenRequest - Identity token format is JWT"
        },
        {
          "variable": "SessionID from JWTToken:",
          "value": "9102892d-5718-45cb-bc24-8ea815ed93d7"
        },
        {
          "variable": "upnValidated",
          "value": "gtureac@dev.local"
        },
        {
          "variable": "SID Validated",
          "value": "S-1-5-21-410015106-2063711249-828150371-2119"
        },
        {
          "variable": "Citrix:",
          "value": "True"
        },
        {
          "variable": "Enroll Certificate",
          "value": "Signer certificate found"
        },
        {
          "variable": "Debug",
          "value": "Enroll Certificate - raw request ... "
        },
        {
          "variable": "Info",
          "value": "Enroll Certificate - submit request for  - forcing config:dev-dc4.dev.local\\dev-DEV-DC1-CA-1"
        },
        {
          "variable": "Info",
          "value": "Enroll Certificate - dev-dc4.dev.local\\dev-DEV-DC1-CA-1 issued new BopsUserMSKSP certificate; Thumbprint 03F051E6966E487C689208FE4B6BE0213DAC3818"
        },
        {
          "variable": "Info BuildRequest END",
          "value": "Enroll Certificate - new certificate returned"
        },
        {
          "variable": "info",
          "value": "GetCertificate - search new certificate by Thumbprint 03F051E6966E487C689208FE4B6BE0213DAC3818"
        },
        {
          "variable": "Info",
          "value": "GetCertificate - found new certificate by Thumbprint 03F051E6966E487C689208FE4B6BE0213DAC3818"
        },
        {
          "variable": "Info",
          "value": "GetCertificate - export to p12 format protected"
        },
        {
          "variable": "Info",
          "value": "MySQLite == null"
        },
        {
          "variable": "Info - RAFile",
          "value": "c:\\windows\\temp\\RA.sqlite"
        },
        {
          "variable": "Info - RAFile doesnt exist",
          "value": "c:\\windows\\temp\\RA.sqlite"
        },
        {
          "variable": "Info",
          "value": "RAFile (c:\\windows\\temp\\RA.sqlite) doesn't exist"
        },
        {
          "variable": "Info",
          "value": "create table OK"
        },
        {
          "variable": "Info",
          "value": "create index OK"
        },
        {
          "variable": "Info",
          "value": "timer created"
        },
        {
          "variable": "Info",
          "value": "total certificates in cache:0"
        },
        {
          "variable": "Info",
          "value": "Cached cert NOT found, doing INSERT"
        },
        {
          "variable": "Info",
          "value": "GetCertificate - storing cert to cache:03F051E6966E487C689208FE4B6BE0213DAC3818"
        },
        {
          "variable": "Info",
          "value": "GetCertificate - End"
        }
      ],
      "TimeProfile": [
        {
          "time": "2024-05-15T11:32:01.7577395+00:00",
          "duration": 0,
          "decription": "Beginning"
        },
        {
          "time": "2024-05-15T11:32:01.7577395+00:00",
          "duration": 0,
          "decription": "Step 1:EnrollFunction BEGIN template:BopsUserMSKSP"
        },
        {
          "time": "2024-05-15T11:32:01.8577259+00:00",
          "duration": 99,
          "decription": "Step 2:FindCA.FindCAsForTemplate"
        },
        {
          "time": "2024-05-15T11:32:01.8577259+00:00",
          "duration": 0,
          "decription": "Step 3:FindCert.FindSignerCert"
        },
        {
          "time": "2024-05-15T11:32:02.0586628+00:00",
          "duration": 200,
          "decription": "Step 4:BuildRequest"
        },
        {
          "time": "2024-05-15T11:32:02.1055173+00:00",
          "duration": 46,
          "decription": "Step 5:AddCACertificatesToRequest/CreateRequest base64"
        },
        {
          "time": "2024-05-15T11:32:02.1587614+00:00",
          "duration": 53,
          "decription": "Step 6:SubmitRequest"
        },
        {
          "time": "2024-05-15T11:32:02.189985+00:00",
          "duration": 31,
          "decription": "Step 7:Export PFX"
        },
        {
          "time": "2024-05-15T11:32:02.3587787+00:00",
          "duration": 168,
          "decription": "Step 8:Write to cache"
        }
      ],
      "InputParameters": [
        {
          "variable": "request.bopsUpn",
          "value": ";MSKSP;CX;NOCACHE"
        },
        {
          "variable": "request.bopsToken",
          "value": "..."
        }
      ],
      "Return": {
        "ReturnCode": 0,
        "NativeReturnCode": 0,
        "Text": "Info",
        "Description": "Certificate for user gtureac@dev.local successfully enrolled",
        "Details": ""
      },
      "ActivityStartTime": "2024-05-15T11:32:00.9243917+00:00",
      "ActivityEndTime": "2024-05-15T11:32:02.3587787+00:00",
      "Duration": 1434
    }

The VeridiumCP log file looks as follows:

CODE
2024-05-15 11:32:03.733 10 21728 CBopsProvider::CBopsProvider INIT
2024-05-15 11:32:03.734 10 21728 CBopsProvider_CreateInstance
2024-05-15 11:32:03.750 10 21728 CBopsProvider::CBopsProvider INIT
2024-05-15 11:32:03.751 10 21728 CBopsProvider_CreateInstance
2024-05-15 11:32:03.752 10 21728 CBopsProvider::UpdateRemoteCredential
2024-05-15 11:32:03.754 10 21728 CBopsProvider::UpdateRemoteCredential ulAuthenticationPackage:0
2024-05-15 11:32:03.755 10 21728 CBopsProvider::UpdateRemoteCredential in size:740
2024-05-15 11:32:03.755 10 21728 CBopsProvider::UpdateRemoteCredential in full:DQAAAAAAAAAAAAIAAAAAAFoBAAAAAAAAAAACAAAAAABcAQAAAAAAAAgBCgEAAAAAUAAAAAAAAAAAAAAAhAEAAGABAAAAAAAAAAAAAAAAAABAAEAARAAHAAgADAAKAA0AWQBCAEEAQQBBAEEAbgBQAEEAQQBBAEEAQQBBAEEAQQBnACMAdgBSAHMAUgBjAHUAdgA2ADIAeABSAFgAeABQAEgALQBxAFEATABuAGMALQBBAGoAVgB1AEEAZQBHAGwAWgBWAEcAagAtAGsAZgBtADIAcQBDAGEAZQAjAEkAUwBTAFAAWQAjAEQARgBOAGQAbgBMAEkAZAByAEMASAAyAGYAbgA0AE0AcQB3AEEAYgBnAGMANwBMADIAdgB6AGQARQBSAHQAUQBRAE0AZgBZAE0AYgB6AG0ATwAzADAAUwA3AEEAbgB3AEYAagA3AEMAcQA5AEIAQgAAAAAAAAAAAIQBAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAgAAAIYAAAAAAAAAOQAxADAAMgA4ADkAMgBkAC0ANQA3ADEAOAAtADQANQBjAGIALQBiAGMAMgA0AC0AOABlAGEAOAAxADUAZQBkADkAMwBkADcAUwAtADEALQA1AC0AMgAxAC0ANAAxADAAMAAxADUAMQAwADYALQAyADAANgAzADcAMQAxADIANAA5AC0AOAAyADgAMQA1ADAAMwA3ADEALQAyADEAMQA5AC0AQgBvAHAAcwBVAHMAZQByAE0AUwBLAFMAUAAtADEAZgA0ADEANgAwADMANAAtAGUAYgBmADcALQA0AGIAZgBhAC0AOABlADEAZQAtADAAZQA2ADAAOQA3AGMAMQA2AGYAYQA2AAAATQBpAGMAcgBvAHMAbwBmAHQAIABTAG8AZgB0AHcAYQByAGUAIABLAGUAeQAgAFMAdABvAHIAYQBnAGUAIABQAHIAbwB2AGkAZABlAHIAAAA=
2024-05-15 11:32:03.756 10 21728 CBopsProvider::SetSerialization Provider:Microsoft Software Key Storage Provider
2024-05-15 11:32:03.757 10 21728 CBopsProvider::SetSerialization Container:9102892d-5718-45cb-bc24-8ea815ed93d7S-1-5-21-410015106-2063711249-828150371-2119-BopsUserMSKSP-1f416034-ebf7-4bfa-8e1e-0e6097c16fa6
2024-05-15 11:32:03.758 10 21728 CBopsProvider::SetSerialization SessionID:9102892d-5718-45cb-bc24-8ea815ed93d7
2024-05-15 11:32:03.759 10 21728 CBopsProvider::SetSerialization SessionID:9102892d-5718-45cb-bc24-8ea815ed93d7 verified
2024-05-15 11:32:03.759 10 21728 CBopsProvider::UpdateRemoteCredential size:740
2024-05-15 11:32:03.760 10 21728 CBopsProvider::UpdateRemoteCredential STEP: memory allocation OK
2024-05-15 11:32:03.761 10 21728 CBopsProvider::UpdateRemoteCredential out size:740
2024-05-15 11:32:03.761 10 21728 CBopsProvider::UpdateRemoteCredential out full:...
2024-05-15 11:32:03.762 10 21728 CBopsProvider::UpdateRemoteCredential STEP2
2024-05-15 11:32:03.762 10 21728 CBopsProvider::Filter
2024-05-15 11:32:03.763 10 21728 CBopsProvider::Filter CPUS_LOGON, CPUS_UNLOCK_WORKSTATION
2024-05-15 11:32:03.796 10 21728 SetUsageScenario:1 dwFlags:0
2024-05-15 11:32:03.796 10 21728 CBopsProvider::SetSerialization BEGIN
2024-05-15 11:32:03.797 10 21728 CBopsProvider::SetSerialization STEP1
2024-05-15 11:32:03.797 10 21728 CBopsProvider::SetSerialization size:740
2024-05-15 11:32:03.798 10 21728 CBopsProvider::SetSerialization Full:...
2024-05-15 11:32:03.799 10 21728 CBopsProvider::SetSerialization ulAuthenticationPackage:0
2024-05-15 11:32:03.799 10 21728 CBopsProvider::SetSerialization Provider:Microsoft Software Key Storage Provider
2024-05-15 11:32:03.800 10 21728 CBopsProvider::SetSerialization Container:9102892d-5718-45cb-bc24-8ea815ed93d7S-1-5-21-410015106-2063711249-828150371-2119-BopsUserMSKSP-1f416034-ebf7-4bfa-8e1e-0e6097c16fa6
2024-05-15 11:32:03.800 10 21728 CBopsProvider::SetSerialization SessionID:9102892d-5718-45cb-bc24-8ea815ed93d7
2024-05-15 11:32:03.801 10 21728 CBopsProvider::SetSerialization SessionID:9102892d-5718-45cb-bc24-8ea815ed93d7 verified
2024-05-15 11:32:03.802 10 21728 CBopsProvider::SetSerialization END
2024-05-15 11:32:03.808 10 21728 CBopsProvider::CBopsProvider INIT
2024-05-15 11:32:03.809 10 21728 CBopsProvider_CreateInstance
2024-05-15 11:32:03.809 10 21728 CBopsProvider::Filter
2024-05-15 11:32:03.811 10 21728 CBopsProvider::CreateEnumeratedCredentials() BEGIN
2024-05-15 11:32:03.811 10 21728 Signature Verification Supressed !!!
2024-05-15 11:32:03.812 10 21728 CBopsProvider::CreateEnumeratedCredentials() after calling m_UpdateRemoteCredential
2024-05-15 11:32:03.813 10 21728 InitializeCredentialUI
2024-05-15 11:32:03.845 10 21728 CBopsCredentialUIBase::Initialize(), BEGIN
2024-05-15 11:32:03.846 55 21728 cts.get_token() 2
2024-05-15 11:32:03.849 10 21728 RESTApi::RequireReInitialize()
2024-05-15 11:32:04.904 10 21728 CBopsCredentialRDPSignIn::InitializeData BEGIN
2024-05-15 11:32:04.905 10 21728 CBopsCredentialUIBase::SetFieldsInitState() HIDING All fields
2024-05-15 11:32:04.906 10 21728 CBopsCredentialRDPSignIn::InitializeFields BEGIN
2024-05-15 11:32:04.907 10 21728 CBopsCredentialUIBase::Initialize(), END
2024-05-15 11:32:04.915 10 21728 CBopsCredentialUIBase::Advise()
2024-05-15 11:32:04.916 10 21728 CBopsCredentialUIBase::SetSelected()
2024-05-15 11:32:04.917 10 21728 CBopsCredentialUIBase::SetSelected(), enabling AutoLogon, m_RDP
2024-05-15 11:32:04.938 10 21728 CBopsCredentialUIBase::GetSerialization: BEGIN
2024-05-15 11:32:04.938 10 21728 CBopsCredentialUIBase::GetSerialization: m_RDP BEGIN
2024-05-15 11:32:04.939 10 21728 state_rdp_authentication STEP1 m_credentialData = 9102892d-5718-45cb-bc24-8ea815ed93d7;S-1-5-21-410015106-2063711249-828150371-2119
2024-05-15 11:32:04.940 10 21728 state_rdp_authentication STEP2 UPN = S-1-5-21-410015106-2063711249-828150371-2119
2024-05-15 11:32:04.941 10 21728 state_rdp_authentication STEP2 m_credentialData= 9102892d-5718-45cb-bc24-8ea815ed93d7
2024-05-15 11:32:04.941 55 21728 cts.is_canceled() 0
2024-05-15 11:32:04.227 10 21728 { 
"Module": "RESTApi",
"Method": "GetRACertificate",
"UserName":"",
"Messages":{},
"URL":"https://dev-dc4.dev.local/RaWebApp/api/BopsCertificate",
"InputJSON":{"bopsShortLiveToken":"9102892d-5718-45cb-bc24-8ea815ed93d7","bopsToken":"","bopsUpn":"S-1-5-21-410015106-2063711249-828150371-2119;MSKSPCX"},
"OutputJSON":{"FasUserHandler":null,"IssuedCertificate":"...","IssuedCertificatePassword":"...","error":{"Hresult":0,"UUID":"3fd2dd14-cf6e-4c37-bf06-3734097cc4d8","errorCode":0,"errorDescription":""}},
"Return":{
  "ReturnCode":0,  "Description": ""
},"ActivityStartTime": "",
"ActivityEndTime" : "",
"Duration" : 285,
"Version" : "3.6.0.0"
}
2024-05-15 11:32:04.227 10 21728 state_rdp_authentication STEP3 Certificate recieved, logon
2024-05-15 11:32:04.228 10 21728 GetCompletedCredential, m_cpus=1
2024-05-15 11:32:04.229 10 21728 GetCompletedCredential: m_pfxData->certPassword:36
2024-05-15 11:32:04.229 10 21728 GetCompletedCredential: pfxBlob.cbData:3389
2024-05-15 11:32:04.230 10 21728 NllImportPfx - BEGIN
2024-05-15 11:32:04.243 10 21728 NllImportPfx - STEP1
2024-05-15 11:32:04.244 10 21728 GetKSP returning - success:Microsoft Software Key Storage Provider
2024-05-15 11:32:04.244 10 21728 _NllSetCertificate - BEGIN:
2024-05-15 11:32:04.245 10 21728 _NllSetCertificate - STEP1:
2024-05-15 11:32:04.246 10 21728 _NllSetCertificate - STEP2:
2024-05-15 11:32:04.248 10 21728 _NllSetCertificate - STEP3:
2024-05-15 11:32:04.249 10 21728 _NllSetCertificate - SUCCESS:
2024-05-15 11:32:04.250 10 21728 _NllSetCertificate - END
2024-05-15 11:32:04.250 10 21728 NllImportPfx - SUCCESS
2024-05-15 11:32:04.251 10 21728 NllImportPfx - END
2024-05-15 11:32:04.251 10 21728 GetCompletedCredential: keyProvInfo->pwszContainerName:9102892d-5718-45cb-bc24-8ea815ed93d7S-1-5-21-410015106-2063711249-828150371-2119-BopsUserMSKSP-1f416034-ebf7-4bfa-8e1e-0e6097c16fa6
2024-05-15 11:32:04.252 10 21728 GetCompletedCredential: keyProvInfo->pwszProvName:Microsoft Software Key Storage Provider
2024-05-15 11:32:04.253 10 21728 GetCompletedCredential:CPUS_LOGON
2024-05-15 11:32:05.446 10 21728 ReportResult BEGIN, ntStatus:0
2024-05-15 11:32:05.850 10 21728 CBopsCredentialUIBase::UnAdvise() IsSignInOptions:FALSE
2024-05-15 11:32:05.852 10 21728 CBopsCredentialUIBase::UnAdvise() IsSignInOptions:FALSE
2024-05-15 11:32:06.955 10 19752 BopsCertificate::AddCertificate BEGIN
2024-05-15 11:32:06.957 10 19752 UserDomainHelper::GetUserSIDFromSessionID BEGIN
2024-05-15 11:32:06.958 10 19752 UserDomainHelper::GetUserSIDFromSessionID END return:S-1-5-21-410015106-2063711249-828150371-2119
2024-05-15 11:32:06.959 10 19752 BopsCertificate::AddCertificate PROCESS 1
2024-05-15 11:32:06.960 10 19752 BopsCertificate::AddCertificate END m_privData->GetUserOTP(userSID, otpPin):S-1-5-21-410015106-2063711249-828150371-2119 otpPIN length:0
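
The two logs above can be cross-checked when auditing an RDP SSO logon. The following is an added example, not Veridium's code: it extracts the session ID, UPN, SID and certificate thumbprint from a VeridiumRA event and confirms that the VeridiumCP log carries the same session ID and SID and ends with ntStatus:0. The function names and the treatment of any ntStatus other than 0 as a failure are assumptions; the sample input is trimmed from the logs on this page.

```python
import json
import re

# Constructed input: excerpts trimmed from the sample logs shown on this page.
SESSION = "9102892d-5718-45cb-bc24-8ea815ed93d7"
USER_SID = "S-1-5-21-410015106-2063711249-828150371-2119"
RA_EVENT = json.dumps({"Messages": [
    {"variable": "SessionID from JWTToken:", "value": SESSION},
    {"variable": "upnValidated", "value": "gtureac@dev.local"},
    {"variable": "SID Validated", "value": USER_SID},
    {"variable": "Info", "value": "Enroll Certificate - dev-dc4.dev.local\\dev-DEV-DC1-CA-1 issued new "
     "BopsUserMSKSP certificate; Thumbprint 03F051E6966E487C689208FE4B6BE0213DAC3818"},
], "Return": {"ReturnCode": 0}})
CP_LOG = f"""\
2024-05-15 11:32:03.759 10 21728 CBopsProvider::SetSerialization SessionID:{SESSION} verified
2024-05-15 11:32:04.939 10 21728 state_rdp_authentication STEP1 m_credentialData = {SESSION};{USER_SID}
2024-05-15 11:32:05.446 10 21728 ReportResult BEGIN, ntStatus:0
"""
GUID = r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}"

def parse_ra_event(text):
    """Pull session ID, UPN, SID, thumbprint and return code out of one RA event."""
    event = json.loads(text)
    out = {"return_code": event.get("Return", {}).get("ReturnCode")}
    names = {"SessionID from JWTToken:": "session_id", "upnValidated": "upn", "SID Validated": "sid"}
    for msg in event.get("Messages", []):
        if msg["variable"] in names:
            out[names[msg["variable"]]] = msg["value"]
        issued = re.search(r"issued new \S+ certificate; Thumbprint ([0-9A-F]{40})", msg["value"])
        if issued:
            out["thumbprint"] = issued.group(1)
    return out

def correlate(ra_text, cp_text):
    """Return (RA facts, findings); an empty findings list means both logs agree."""
    ra = parse_ra_event(ra_text)
    cred = re.search(rf"m_credentialData = ({GUID});(S-1-[\d-]+)", cp_text)
    seen = set(re.findall(rf"SessionID:({GUID})", cp_text))
    status = re.search(r"ReportResult BEGIN, ntStatus:(\S+)", cp_text)
    findings = []
    if ra["return_code"] != 0:
        findings.append("RA event does not report success")
    if not cred or seen | {cred.group(1)} != {ra.get("session_id")}:
        findings.append("session ID in CP log does not match RA event")
    if not cred or cred.group(2) != ra.get("sid"):
        findings.append("SID in CP log does not match RA event")
    if not status or status.group(1) != "0":
        findings.append("CP log has no ReportResult with ntStatus:0")
    return ra, findings
```

Calling `correlate(RA_EVENT, CP_LOG)` on the sample returns an empty findings list; the returned thumbprint can then be looked up in the issuing CA's records for the same logon.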