The Horizon Connection Server must discard SSO credentials after 15 minutes.
An XCCDF Rule
Description
<VulnDiscussion>Horizon Connection Server caches user credentials temporarily to ensure that the user can connect to their desktop pools without reauthenticating, right after logging in to the broker. However, this grace period must be restricted so that SSO credentials are only retained for 15 minutes before being discarded. Subsequent desktop connection attempts will require reauthentication, even if the user is still connected to the broker.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-246901r768663_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Log in to the Horizon 7 Console. From the left pane, navigate to Settings >> Global Settings. In the right pane, click the "General Settings" tab. Click "Edit". Next to "Discard SSO Credentials", select "After" from the dropdown and fill in "15" minutes in the text field. Click "OK".