Integrate SSO Authentication for Logins #1154

Open
Ajith-Palotte opened this issue Dec 17, 2024 · 3 comments
Comments

@Ajith-Palotte

Hello Team,

We are using devolutions-gateway along with Coder to access our Windows systems hosted in AWS/Azure. Now we have a requirement to use the AAD integration with Windows servers, and we have successfully done it. But unfortunately, while we are taking the RDP using the devolutions-gateway, it's directly going to the RDP using the given local credentials. Our requirement is that it should reroute to our SSO page, and only once the user is done with authentication allow the RDP to the user.

Could you please assist with this? Please share if you already have any solution available to achieve the same.

@awakecoding
Contributor

Hi,

This question should probably be asked on the Devolutions Forum instead: https://forum.devolutions.net/

I'm not sure I fully understand the problem here, but it probably isn't directly related to Devolutions Gateway.

Are you referring to RDP Entra ID SSO, and the problem is that you are getting regular RDP NLA authentication? If this is what you meant, you need to enable RDP Entra ID SSO in RDM for your RDP connection entry: https://docs.devolutions.net/rdm/kb/knowledge-base/rdp-session-entry/rdp-entry-authentication-properties/#authentication

@Ajith-Palotte
Author

Hi @awakecoding,

We are using a Coder workspace, and for the Windows RDP session we are using the web RDP model (https://registry.coder.com/modules/windows-rdp). While we are using the module, we can take the Windows server RDP using the default credentials.

Our requirement is: instead of logging in with default credentials, when the user selects the WEBRDP option, it should go to our SSO authentication page, and only after successful authentication will the server log in.

We are able to do this from the Microsoft Remote Desktop Connection (MSTSC) by enabling the User Authentication option.

@awakecoding
Contributor

I understand the feature request now - you'd like RDP Entra ID SSO support in the RDP web client. Unfortunately, because of the way the protocol has been designed, it is currently not possible to implement it: the special login used for RDP Entra ID SSO uses a special client_id which can only use ms-appx-web://Microsoft.AAD.BrokerPlugin/5177bc73-fd99-4c77-a90c-76844c9b6999 as the return URL. This return URL is registered by a native application in Windows, and cannot be caught by a web application; there is therefore no way to implement RDP Entra ID SSO in the web, despite the fact that it uses a web login. It was hardcoded to function only for the native Windows RDP client and nothing else.
