Zac Bergquist

Pretty sure this was implemented last year in #28562. @r0mant @atburke can you confirm?

Yep, that's being worked on right now actually.

Note: `WindowsDesktop` and `WindowsDesktopService` are distinct resources. I assume you're more interested in `WindowsDesktopService` (the agent) than the individual desktops they proxy. @fspmarshall does `tctl inventory ls` only work for...

Interesting, `tctl inventory ls` comes up empty for me, even though I'm running `ssh_service`, `app_service`, and `windows_desktop_service`.

Just tried this again with 85e5e3d7304762caba8e8d52660d4c4406962929 and two desktop agents connected: - one in-process with proxy and auth - a standalone windows agent The in-process agent does show up in...

> You have to do extra work to get this wrong and I'm not sure why anyone would? I'm the one who did this. I was making a dev build...

See https://www.keycloak.org/docs/latest/securing_apps/index.html#logout (though note that Keycloak only seems to document this for `/realms/{realm}/protocol/openid-connect/logout`, I don't see `/protocol/saml` documented here). This probably requires some configuration for the SAML app in Keycloak...

See #40960

@marcoandredinis is it safe to close this as completed by #40960?

@r0mant can this one be closed? Pretty sure we now support MFA for apps and dbs.