Hello,
I just came across a weird problem with the Horizon Client and Single Sign-On.
When I'm using the Horizon Client to connect to a desktop (linked clone), lock the Windows session, disconnect and then reconnect to the desktop, I'm presented with the Windows lock screen instead of being logged in automatically. The lock screen doesn't show the Ctrl+Alt+Del prompt though, so it looks like the SSO component already "pressed" Ctrl+Alt+Del but couldn't proceed with signing in.
When I restart the Horizon Client I can successfully connect to the desktop again (with SSO).
This doesn't happen with Zero Clients (Dell Wyse P25) or HTML Access.
Steps to reproduce:
This is on Horizon View 6.1 with Client version 3.3.0.
Both "Discard SSO credentials" settings in the View Administrator are set to "Never".
Again, this problem doesn't occur when connecting through Zero Clients or HTML Access, so to me it looks like a bug within the Horizon Client.
Anything I might have missed?
Thanks in advance!
Best regards
Dan
Hi Dan,
Thank you for providing clear information.
Could you please check if this workaround helps you
http://kb.vmware.com/kb/1018819
http://kb.vmware.com/kb/1016961
I had a similar case and this workaround worked for 6.x as well.
Could you please share your findings.
Thank you very much for your answer.
I followed the steps outlined in the links you've provided.
The policies/registry keys didn't exist in my case, so this didn't help, unfortunately.
I have also tried several approaches from this KB article: http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&externalId=1029391
Do you have any other ideas?
Thanks!
This looks like a feature with idle session timeout, after your session is locked explicitly, idle session will also be locked, so SSO doesn't work.
I find the new document about Horizon View 6.0, it describe like this:
If a desktop is launched from Horizon Client, and the desktop is locked, either by the user or by Windows based on a security policy, and if the desktop is running View Agent 6.0 or later, View Connection Server discards the user's SSO credentials. The user must provide login credentials to launch a new desktop or a new application, or reconnect to any disconnected desktop or application. To enable SSO again, the user must disconnect from View Connection Server or exit Horizon Client, and reconnect to View Connection Server. However, if the desktop is launched from Workspace Portal and the desktop is locked, SSO credentials are not discarded
I want to know if there are some setting to don't discards the user's SSO credentials in the Horizon view 6.x when desktop is locked . Some users want keep the setting of Version 5.x.
The Horizon Workspace Portal part is a different thing entirely, because it generates a new SAML token for login and relaunches the client.
However, I'm asking around to see if there is a way to disable the "discard SSO credentials after desktop session lock" feature by LDAP. I don't see anything in the admin UI under "Global Settings".
I asked around and confirmed that there is no way to disable the functionality to discard SSO credentials if the user locked their session.