Symantec Privileged Access Management


Issues with PAM RDP session to Win Desktop with IGA Credential Provider Installed

  • 1.  Issues with PAM RDP session to Win Desktop with IGA Credential Provider Installed

    Posted Sep 28, 2022 10:46 AM
    Edited by Muzi Lubisi (CA SA) Sep 28, 2022 11:05 AM

    Good afternoon

    I hope you are well.

    We've deployed PAM RDP to some application management desktops. What we have found is that when Symantec IGA Credential Provider is installed and configured, the desktop requires a second round of authentication. This is to say, PAM injects the credentials, and the Windows desktop login screen appears immediately after the cert is accepted and the session is authenticated, requiring further (second) authentication.

    When IGA CredProvider is installed, it also affects "normal Windows" based (MS) RDP sessions, requiring the user to authenticate twice, once on the RDP credential pop-up, and again on a Windows desktop login screen as in PAM RDP. Removing or disabling IGA CredProvider results in the MS RDP working, but the PAM RDP still has an issue.

    Both the MS and PAM RDP sessions work as expected when IGA CredProvider is not installed.

    Regards
    Muzi Lubisi



  • 2.  RE: Issues with PAM RDP session to Win Desktop with IGA Credential Provider Installed

    Broadcom Employee
    Posted Sep 29, 2022 09:35 AM
    I don't think we should classify this as a PAM problem. It's something in your IGA configuration that is causing you to be prompted twice. I suspect there is something that can be adjusted in IGA to correct that issue.

    For example, perhaps IGA is enforcing this group policy setting: https://www.spjeff.com/2017/09/27/fixed-rdp-requires-authentication-twice/