Hello all We are trying to use SAML web login with cisco duo to login the users to either server 25 session host or windows 11 vdis. So far so good. On server 2025 everything works as expected. On windows 11, I could track the problem down to LSA Protection which seems to block smartcard login (as described in this KB: Unable to launch a published resource using SAML due to HIPS protection). When I disable LSA protection it works on the windows 11 vdi as well. Has someone experienced the same and could manage to only exclude the parallels RAS components to work with SAML? Many thanks and kind regards, Luke
I would submit a ticket about this issue if you haven't already. I believe they already know about it, but if they get more tickets about it they may increase the priority of fixing it. I believe the issue is that Parallels uses its own Credential Provider for SAML login. The issue is that the files for this Credential Provider are not digitally signed, so LSA prevents them from loading and breaks the SAML login.
