Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The Horizon Connection Server must discard SSO credentials after 15 minutes.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-246901 | HRZV-7X-000020 | SV-246901r768663_rule | Medium |
| Description |
|---|
| Horizon Connection Server caches user credentials temporarily to ensure that the user can connect to their desktop pools without reauthenticating, right after logging in to the broker. However, this grace period must be restricted so that SSO credentials are only retained for 15 minutes before being discarded. Subsequent desktop connection attempts will require reauthentication, even if the user is still connected to the broker. |
| STIG | Date |
|---|---|
| VMware Horizon 7.13 Connection Server Security Technical Implementation Guide | 2021-07-30 |
Details
| Check Text ( C-50333r768661_chk ) |
|---|
| Log in to the Horizon 7 Console. From the left pane, navigate to Settings >> Global Settings. In the right pane, click the "General Settings" tab. Locate the "Discard SSO credentials" setting. If the "Discard SSO Credentials" setting is set to "Never", this is a finding. If the "Discard SSO Credentials" setting is set to greater than "15 minutes", this is a finding. |
| Fix Text (F-50287r768662_fix) |
|---|
| Log in to the Horizon 7 Console. From the left pane, navigate to Settings >> Global Settings. In the right pane, click the "General Settings" tab. Click "Edit". Next to "Discard SSO Credentials", select "After" from the dropdown and fill in "15" minutes in the text field. Click "OK". |