[Bug] - RDP Gateway - Expired JWT token

[Suplanus]

Describe the bug I love the new feature for open rdp client for an RDP connection. This works, but: I want also use the RDP Gateway directly but its not working.

Kasm is behind an OpnSense with an HaProxy with this "Option pass-through" setting:

option http-server-close
http-request add-header X-Forwarded-Proto https
http-response set-header Content-Security-Policy upgrade-insecure-requests

I think its an Cookie because I have this errors in Kasm:

Invalid PAA cookie received from client 217.87.132.223
Error, expired JWT token

⮕ 217.87.132.223 is my IP from the client (correct)

I added this option to HaProxy Backend settings:

http-request set-header Authorization %[req.hdr(Authorization)]

Now the cookie error is gone. I don't know if its correct because its not in the docu. But the JWT token error is still there.

The kasm Windows service on the Windows machine is running, and I think all fine because I connect via Web RDP and live bit is also there. But there is also this error when i connect from client app:

Error from Kasm server for api: https://proxy:443/api/service_keepalive status: 200
error: Kasm_id not found for keepalive request from connection proxy: 823ff49e-c30a-4c0b-8912-be8748173417.

To Reproduce Steps to reproduce the behavior: Create an RDP connection on macOS with Microsoft Remote Desktop app. Connect via https to kasm RDP gateway.

Workspaces Version 1.16

Workspaces Installation Method Single Server

[j-travis]

Hi, Are you saying you want to use the RDP Gateway but not via sessions initiated via Kasm? If so, that's not currently supported

[Suplanus]

Are you saying you want to use the RDP Gateway but not via sessions initiated via Kasm? Yes. Oh, so I misunderstand the docu.

I think everything is needed to implement this. I created a feature request #643

Thanks for looking into it 💖