By default, when a user logs in to View Connection Server from View Client, single sign-on (SSO) is enabled. The user does not have to log in again to connect to the View desktop. During a desktop session, a user can leave the desktop, allow it to become inactive, and return without having to authenticate again. To reduce the chance that someone else could start using the desktop session, you can configure a time limit after which the user's SSO credentials are no longer valid.

You configure the SSO timeout limit by setting a value in View LDAP. When you change View LDAP on a View Connection Server instance, the change is propagated to all replicated View Connection Server instances.

The timeout limit is set in minutes. The time limit counter starts when the user logs in to View Connection Server. For example, if you set the value to 10 minutes, the user's SSO credentials are invalidated 10 minutes after the user logs in to View Connection Server.

Note

On View desktops that are used in local mode, a checkout operation that takes longer than the SSO timeout value causes the user's SSO credentials to expire. For example, you might set the SSO timeout limit to 10 minutes. A user might log in to View Connection Server and check out a desktop. If the checkout takes 20 minutes, the user must log in again to connect to the local desktop, even though the user has not yet spent any time in a desktop session.

See the Microsoft TechNet Web site for information on how to use the ADSI Edit utility on your Windows operating system version.

1

Start the ADSI Edit utility on your View Connection Server host.

2

Select or connect to DC=vdi, DC=vmware, DC=int.

3

On the object CN=Common, OU=Global, OU=Properties, set the pae-SSOCredentialCacheTimeout attribute to the new SSO timeout limit in minutes.

The default value is 15. A value of -1 means that no SSO timeout limit is set. A value of 0 disables SSO.

On remote desktops, the new SSO timeout limit takes effect immediately. You do not need to restart the View Connection Server service or the client computer.

On desktops that run in local mode, the new SSO timeout limit takes effect the next time a client computer that hosts the local desktop sends a heartbeat message to View Connection Server.