bolkedebruin / rdpgw

Remote Desktop Gateway in Go for deploying on Linux/BSD/Kubernetes
Apache License 2.0
698 stars 115 forks

Client certificate authentication #55

Open B-Eddine opened 1 year ago

B-Eddine commented 1 year ago

Hello, I wanted to know if SSL client certificate (token) is available for authentication. I added the ca-cert of my PKI, but I have this error message. Thanks in advance.

Logs:

```
2022/09/29 08:35:50 RemoteAddr: x.y.x.y:57259
2022/09/29 08:35:50 Client handshakeRequest from x.y.x.y
2022/09/29 08:35:50 major: 1, minor: 0, version: 0, ext auth: 1
2022/09/29 08:35:50 Cannot read message from stream websocket: close 1000 (normal)
2022/09/29 08:39:55 preferred_username not found in context
```

bolkedebruin commented 1 year ago

Client certificates are not supported by the official MS clients afaik. What's your scenario? What you could do is write an external out-of-band supplier of a certificate that supplies this as a PAA cookie and then write a CheckPAACookie function that validates the supplied certificate. I am happy to accept patches for it, but I'd like to see a working scenario.
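
The validation step suggested in the comment above, as an added example that is not rdpgw code and not written by either participant: it checks a PEM certificate received as the PAA cookie against an internal CA pool and returns the subject CN as the username. The names `verifyCertCookie` and `issue`, the cookie-as-PEM format and the constructed test certificates are assumptions; rdpgw's own CheckPAACookie signature is not shown on this page.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// verifyCertCookie (hypothetical helper) chains the cookie's certificate to roots only, never the system store, and requires the clientAuth EKU.
func verifyCertCookie(cookie string, roots *x509.CertPool, now time.Time) (string, error) {
	block, _ := pem.Decode([]byte(cookie))
	if block == nil || block.Type != "CERTIFICATE" {
		return "", fmt.Errorf("cookie is not a PEM certificate")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return "", err
	}
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return "", err
	}
	return cert.Subject.CommonName, nil
}

// issue builds a constructed test certificate (assumption, for the demo only); parent == nil gives a self-signed CA.
func issue(cn string, eku x509.ExtKeyUsage, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, string) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn}, IsCA: parent == nil, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{eku}}
	if parent == nil { // self-signed CA: may sign certificates and signs itself
		t.KeyUsage, parent, signer = t.KeyUsage|x509.KeyUsageCertSign, t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, signer)
	cert, _ := x509.ParseCertificate(der)
	return cert, key, string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))
}

func main() {
	ca, caKey, _ := issue("Constructed Test CA", x509.ExtKeyUsageAny, nil, nil)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, _, cookie := issue("alice", x509.ExtKeyUsageClientAuth, ca, caKey)
	fmt.Println(verifyCertCookie(cookie, roots, time.Now()))
}
```

A certificate is public data, so this check only authenticates the user if the out-of-band supplier completed a TLS client-certificate handshake (proof of private-key possession) before handing out the cookie. A deployment would also reject an empty CN and check revocation, which this example leaves out.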

B-Eddine commented 1 year ago

SmartCard is supported by mstsc. The use case is a bastion as a service: we create proxy socks & rdpgw per user with the access policy. The socks part works fine, and also the rdpgw with no auth. We are thinking about adding nginx in front of rdpgw to add authentication more simply with an internal PKI.