bolkedebruin / rdpgw

Remote Desktop Gateway in Go for deploying on Linux/BSD/Kubernetes
Apache License 2.0

Feature Request: Scope based Host Authorization #24

Open pfzetto opened 3 years ago

pfzetto commented 3 years ago

Hey, currently I don't see a good way to Authorize Users to Hosts (with the GW, not the Host). My suggestion would be that an OpenID Provider like Keycloak can add a Host Claim to the Access Token, which consists of an array of hosts. The user is then only allowed these hosts. Access Token Snippet:

...
"hosts" : [
  "0.0.0.0:3389",
  "1.1.1.1:3389"
],
...

In Keycloak you could create a role for every host and assign the roles to users. Then you can use a Custom Client Scope to create the host claim.
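
A sketch of the gateway-side check this request describes, added here as an example (it is not rdpgw code and not part of the original comment). It assumes the token's signature, issuer, audience and expiry were already verified, and that a host listed without a port means the default RDP port 3389; `hostClaims`, `normalize` and `hostAllowed` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"strings"
)

// hostClaims models only the proposed "hosts" claim of an already verified token.
type hostClaims struct {
	Hosts []string `json:"hosts"`
}

// normalize lower-cases the host and fills in the assumed default port so
// "SRV1.example.test" and "srv1.example.test:3389" compare equal.
func normalize(hostport string) (string, bool) {
	host, port, err := net.SplitHostPort(hostport)
	if err != nil { // no port given: assume the RDP default
		host, port = strings.Trim(hostport, "[]"), "3389"
	}
	if host == "" || port == "" {
		return "", false
	}
	return net.JoinHostPort(strings.ToLower(host), port), true
}

// hostAllowed does an exact host:port match against the claim. A missing,
// empty or malformed claim denies access (fail closed).
func hostAllowed(payload []byte, requested string) bool {
	var c hostClaims
	want, ok := normalize(requested)
	if !ok || json.Unmarshal(payload, &c) != nil {
		return false
	}
	for _, h := range c.Hosts {
		if got, ok := normalize(h); ok && got == want {
			return true
		}
	}
	return false
}

func main() {
	// Constructed payload reusing the host values from the snippet above.
	p := []byte(`{"sub":"alice","hosts":["0.0.0.0:3389","1.1.1.1:3389"]}`)
	for _, h := range []string{"1.1.1.1", "1.1.1.1:22", "2.2.2.2:3389"} {
		fmt.Printf("%-13s allowed=%v\n", h, hostAllowed(p, h))
	}
}
```

Matching on the full host:port pair rather than a prefix or substring keeps a grant for one host from covering a different port or a longer hostname that merely starts with the same characters.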

bolkedebruin commented 2 years ago

That isn't a bad idea. Labeling for future work.