Hi Pras_inquirer,
This is possible. I've found out how: Edit c:\Windows\web\rdweb\pages\web.config (read the informational remarks in that file; they explain everything). Remove the <authentication mode="Forms"> or replace it with <authentication mode="Windows"/>.
Comment out modules and security in the <system.webServer> section.
Change the web publishing rule in TMG2010 to: Authentication Delegation / Negotiate (Kerberos/NTLM) and fill in an SPN name (http/<fqdn RD webaccess>).
How to create that SPN correctly:
Example:
URL=rdgw.test.com (=Remote Desktop WebAccess website); TMG2010 server= TMG01.domain.local; Remote Desktop Gateway NETBIOS name= RDGSERVER
Run the following command with domain administrative rights: setspn -A http/rdgw.test.com RDGSERVER
Open Active Directory Users & Computers, get the properties of the TMG01.domain.local object, select the Delegation tab (Trust this computer for delegation to specified services only / Use any authentication protocol), click on ADD, click on 'Users or Computers', fill in the name RDGSERVER, scroll down to the newly created http service type with the name rdgw.test.be and select it, then click OK.
This SSO worked for me...
Regards.
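
To check the result of the SPN and delegation steps described above, the following PowerShell script (an added example, not part of the original post) reads the two Active Directory objects and reports anything that does not match. It assumes the ActiveDirectory RSAT module is installed and uses the post's example names as defaults; the function name Test-RdWebDelegation is hypothetical.

```powershell
# Added example, not from the original post. Needs the ActiveDirectory module (RSAT).
# Default values are the post's example names; adjust them for your domain.
Import-Module ActiveDirectory

function Test-RdWebDelegation {
    param(
        [string]$Spn       = 'http/rdgw.test.com',  # SPN entered in the TMG publishing rule
        [string]$SpnOwner  = 'RDGSERVER',           # computer account that should hold the SPN
        [string]$Delegator = 'TMG01'                # TMG computer account trusted for delegation
    )
    $findings = @()

    # 1. The SPN must exist exactly once, on the expected computer account.
    $holders = @(Get-ADObject -Filter "servicePrincipalName -eq '$Spn'" -Properties sAMAccountName)
    if ($holders.Count -eq 0) {
        $findings += "SPN $Spn is not registered"
    } elseif ($holders.Count -gt 1) {
        $findings += "SPN $Spn is duplicated on: $($holders.sAMAccountName -join ', ')"
    } elseif ($holders[0].sAMAccountName -ne "$SpnOwner`$") {
        $findings += "SPN $Spn is held by $($holders[0].sAMAccountName), expected $SpnOwner`$"
    }

    # 2. The TMG account must use constrained delegation with protocol transition.
    $tmg = Get-ADComputer -Identity $Delegator -Properties TrustedForDelegation,
        TrustedToAuthForDelegation, 'msDS-AllowedToDelegateTo'
    if ($tmg.TrustedForDelegation) {
        $findings += "$Delegator is trusted for delegation to ANY service (unconstrained)"
    }
    if (-not $tmg.TrustedToAuthForDelegation) {
        $findings += "$Delegator lacks 'Use any authentication protocol' (protocol transition)"
    }
    $allowed = @($tmg.'msDS-AllowedToDelegateTo')
    if ($allowed -notcontains $Spn) {
        $findings += "$Delegator is not allowed to delegate to $Spn"
    }

    [pscustomobject]@{
        Spn             = $Spn
        Healthy         = ($findings.Count -eq 0)
        Findings        = $findings
        # Every entry here is a service TMG can impersonate users to: keep it minimal.
        DelegationScope = $allowed
    }
}

Test-RdWebDelegation | Format-List
```

Because "Use any authentication protocol" lets the TMG account obtain tickets on behalf of any user for the listed services, review DelegationScope for entries beyond the RD Web Access SPN.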