I am looking for help configuring (or more probably writing an extension for) RD Web of Windows Server 2008 R2 so that a user that has previously been authenticated at a related site can be mapped to a local user in our Remote Desktop farm and get access to RemoteApp applications without an additional sign-on. I have got it working to use a single sign-on in the RD Web site so far (sign on to RD Web, and no additional sign-on after clicking a RemoteApp). But I want to use the SAML authentication token from the other site so that when they link a user to us that has already been authenticated by them, the user does not have to enter a username/password at all at our site.
Any advice? Where can I find documentation for reconfiguring the SSO authentication or writing my own authentication module that supports SSO? I have dug around the RD Web files but I have so far been unable to determine how the login credentials are passed from the login in the web browser to the RDP client. I can see the signed RDP file contents sent from the server URL-encoded, but they do not seem to contain any credentials token.