pxcloud/rdpgw
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

More details about the clients

Browse Source
This commit is contained in:
Bolke de Bruin 2024-03-21 16:36:47 +01:00
parent 5d30deb48c
commit 2d9a368fc4
1 changed files with 25 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
README.md
View File

@ -347,7 +347,7 @@ docker-compose -f docker-compose-local.yml up
You can then connect to the gateway at `https://localhost:9443/connect` for the OpenID connect flavors which will start
the authentication flow. Or you can connect directly with the gateway set and the host set to ``xrdp`` if using the ``local``
flavorYou can login with 'admin/admin'. The RDP file will download and you can open it with a remote
flavor. You can login with 'admin/admin'. The RDP file will download and you can open it with a remote
desktop client. Also for logging in 'admin/admin' will work.
## Use
@ -364,6 +364,30 @@ It will return 200 OK with the decrypted token.
In this way you can integrate, for example, it with [pam-jwt](https://github.com/bolkedebruin/pam-jwt).
## Client Caveats
The several clients that Microsoft provides come with their own caveats.
The most important one is that the default client on Windows ``mstsc`` does
not support basic authentication. This means you need to use either OpenID Connect
or Kerberos.
In addition to that, ``mstsc``, when configuring a gateway directly in the client requires
you to "save the credentials" for the gateway otherwise the client will not connect at all
(it won't send any packages to the gateway) and it will keep on asking for new credentials.
Finally, ``mstsc`` requires a valid certificate on the gateway.
The Microsoft Remote Desktop Client from the Microsoft Store does not have these issues,
but it requires that the username and password used for authentication are the same for
both the gateway and the RDP host.
The Microsoft Remote Desktop Client for Mac does not have these issues and is the most flexible.
It supports basic authentication, OpenID Connect and Kerberos and can use different credentials
The official Microsoft IOS and Android clients seem also more flexible.
Third party clients like [FreeRDP](https://www.freerdp.com) might also provide more
flexibility.
## TODO
* Improve Web Interface