Hi
Has someone already solved this demanding scenario:
1 behind firewall Corporate AD complete infrastructure. Windows 2008-based AD.
1 (or more if needed) External server, completely isolated (no site-to-site VPN, as for the moment), but with it´s own firewall completely manageable (for sake of IP filtering at least) on the internet. Windows 2008 r2.
This remote server should host an windows client application that must be consumed by users via Remote Desktop Services, Remote Application.
The application can not be customized it self and it was not built to support AD Federation and newest tech.
Use of local accounts at the external server for end-user authentication and respective independent password and accounting management should beavoided at all costs.
So the desired solution would be some way to federate the AD to the external server so it could (in a secure fashion) or join the AD or to know how to proxy the authentication onWindows level (Windows itself, RDS or other Windows Service-level, but independent from the end-application) to the corporate AD and then assume for all intended purposes that the successfully authenticated user, running the referred RDS session, is that corporate AD end-user account.
Thanks all
Daniel
