Abstract: The present disclosure is directed to a method and system for obtaining or allowing single sign-on capability for remote applications. The system receives a request a user device to register with a remote application or desktop service. The system then authenticates the user with the service, by receiving the user's credentials, and generating an access token and a single sign-on token. The user is presented with a list of remote applications that can be accessed through the service. The system receives the indication of the selection by the user and then proceeds to authenticate the user with the remote application. The remote application connects with the authentication service and presents the tokens that were generated in a certificate request to the authentication service. The authentication service uses this request and obtains a certificate authority a logon certificate that is used to log the user into the remote application.

Abstract: Examples of the present disclosure describe systems and methods for authentication by an authentication component when a client attempts to access a secured resource(s). As an example, an access request is received from a client at an authentication component. The authentication component generates an authentication challenge including criteria to assist the client in selecting an appropriate authentication credential, a request for proof of possession of the authentication credential, and challenge-specific data for the client to return in a challenge response. A challenge response is received from the client. The authentication component evaluates the challenge response and determines whether to authenticate the client for access to a resource based on the evaluated challenge response. Other examples are also described.

Abstract: Embodiments are directed to permitting client devices that connect remotely to an enterprise network to operate in a site-aware manner. In distributed file systems, files may be replicated in multiple places across a network. Embodiments are directed to providing requesting clients referrals (or paths) to replicas of desired information that are accessible by the requesting client with the least overall “cost” to the client and the network. The present systems and methods allow remote client devices to reliably identify a site with their referral requests so that the referring server(s) may provide site-aware referrals in response to the requests.