FreeRDP gateway and tokens

FreeRDP / FreeRDP-WebConnect

A gateway for seamless access to your RDP-Sessions in any HTML5-compliant browser

517 stars 1.61k forks source link

FreeRDP gateway and tokens #34

Open jd-jedi opened 10 years ago

jd-jedi commented 10 years ago

Hi Great project.

We have a management portal, and have access to hyper-v credentials and vm id. But we do not want these to be sent to client. Instead we would like to have tokens generated, example flow as follows.

portal ----------> pass credentials and vm id -------> FreeRDP-WebConnect
FreeRDP-WebConnect -------> Short term token ------> Portal
Portal constructs the url with the token, and Client will connect to VM via FreeRDP-WebConnect gateway.

Is there a way to do this ? Any plans ? I have seen some freerdp params as reconnection cookie... can it be used ? Any other ideas ? Does it have internal session id (keeping track of connections )

Thanks /Jd

umeshbhatt25 commented 10 years ago

Hi,

I am also have similar requirement. Any luck on making this work?

Regards, Umesh

alexpilotti commented 10 years ago

Hi, we do support the scenario you are describing in OpenStack:

http://www.cloudbase.it/freerdp-html5-proxy-windows/

jd-jedi commented 10 years ago

On 6/12/14 3:13 AM, Alessandro Pilotti wrote:

Hi, we do support the scenario you are describing in OpenStack:

http://www.cloudbase.it/freerdp-html5-proxy-windows/

— Reply to this email directly or view it on GitHub https://github.com/FreeRDP/FreeRDP-WebConnect/issues/34#issuecomment-45851395.

How to use it without openstack ? How to supply token ? (assuming in the url?) How does proxy check validity of the token ? Does it call back ? Where token to host:port mapping stored/supplied/fetched ?

Thanks /Jd

alexpilotti commented 10 years ago

Hi @jd-jedi, we just merged all the Cloudbase code, including the OpenStack token support.

We're planning to enable a similar feature without requiring OpenStack. I marked this issue as a feature request.

jd-jedi commented 10 years ago

Thanks In the meantime, I was thinking about "simulating" as nova stack for this interaction. Looking at the code,

nova_console_info nova_console_token_auth_impl::get_console_info( std::string osAuthUrl, std::string osUserName, std::string osPassword, std::string osTenantName, std::string consoleToken) {

... get authtoken : login to nova and get authtoken -- get console info passing (authtoken , consoletoken) ... populate nova_console_info info object. ... contains host, port, internal_access_path.

host and port seems natural, what is internal_access_path ? What is the expected format ? Is it VMID ? Does it include hyper-v creds ? or they are taken from the config file for the webconnect proxy.

Thanks /Jd

Darosnl commented 9 years ago

Hello,

Anyupdate on the token support in the freerdp web version?

houguiqiang commented 6 years ago

hi @alexpilotti

We're planning to enable a similar feature without requiring OpenStack. I marked this issue as a feature

Is the plan making progress?