Integrate SSO Authentication for Logins
Hello Team,
We are using devolutions-gateway along with Coder to access our Windows systems hosted in AWS/Azure. Now we have a requirement to use the AAD integration with Windows servers, and we have successfully done it. Unfortunately, while we are taking the RDP using devolutions-gateway, it goes directly to the RDP using the given local credentials. Our requirement is that it should reroute to our SSO page, and only once the user is done with authentication should the RDP be allowed for the user.
Could you please assist with this? Please share if you already have any solution available to achieve the same.
Hi,
This question should probably be asked on the Devolutions Forum instead: https://forum.devolutions.net/
I'm not sure I fully understand the problem here, but it probably isn't directly related to Devolutions Gateway.
Are you referring to RDP Entra ID SSO, and the problem is that you are getting regular RDP NLA authentication? If this is what you meant, you need to enable RDP Entra ID SSO in RDM for your RDP connection entry: https://docs.devolutions.net/rdm/kb/knowledge-base/rdp-session-entry/rdp-entry-authentication-properties/#authentication
Hi @awakecoding,
We are using a Coder workspace, and for the Windows RDP session we are using the web RDP module (https://registry.coder.com/modules/windows-rdp). While we are using the module, we can take the Windows server RDP using the default credentials.
WebRDP Reference image
Our requirement is, instead of logging in with default credentials, when the user selects the WebRDP option, it should go to our SSO authentication page, and only after successful authentication should the server log the user in.
We are able to do this from the Microsoft Remote Desktop Connection (MSTSC) by enabling the User Authentication option.
I understand the feature request now - you'd like RDP Entra ID SSO support in the RDP web client. Unfortunately, because of the way the protocol has been designed, it is currently not possible to implement it: the special login used for RDP Entra ID SSO uses a special client_id which can only use ms-appx-web://Microsoft.AAD.BrokerPlugin/5177bc73-fd99-4c77-a90c-76844c9b6999 as the return URL. This return URL is registered by a native application in Windows and cannot be caught by a web application, so there is no way to implement RDP Entra ID SSO in the web, despite the fact that it uses a web login. It was hardcoded to function only for the native Windows RDP client and nothing else.