Yes, you should set "authMethods=radius-auth && sp-auth"

"windowsSSOEnabled=true" is used in RADIUS cases where the RADIUS passcode is the same as the users AD password (e.g. solutions that send an SMS text token to the user). This then allows the subsequent AD password prompt needed by Connection Server to be skipped. If in your case the RADIUS passcode is not the same as the AD password, then the user will get two prompts (RADIUS then password). This is how Horizon View works.