pxcloud/rdpgw
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
210 Commits 4 Branches 9 Tags 535 KiB
multiple_oidc
Commit Graph

63 Commits

Author SHA1 Message Date
Bolke de Bruin
9d9b7a9ab5 Add test 2023-04-16 10:02:47 +02:00
totomz
cdf6e68684 Use multiple oidc claim to find the username 
The clim `preferred_username` is optional in Azure AD. Although is listed as preferred, in some enterprise environment it's not possible to add this additional claim. `unique_name` and `upn` are legacy alternatives
 2023-04-07 12:15:06 +02:00
Bolke de Bruin
43eb2d5f47 Make session length configurable 2022-10-22 10:17:43 +02:00
Bolke de Bruin
2abf83f0be Set max session storage to 8kb 
If using the filesystem storage provider
for session store it can be set than a larger value than 4kb
as it is not tied to the restriction of a cookie anymore.
 2022-10-22 10:08:42 +02:00
Bolke de Bruin
7e3c4abea7 Change name 2022-10-18 11:40:28 +02:00
Bolke de Bruin
ee20553f08 Make stackable 2022-10-18 11:39:26 +02:00
Bolke de Bruin
db98550455 Refactor identity and http routing 2022-10-18 09:36:41 +02:00
Bolke de Bruin
b42c3cd3cc Refactor identity framework to be more robust 2022-10-13 11:13:24 +02:00
Bolke de Bruin
bbd0735289 Fix context when using spnego 2022-10-12 16:50:13 +02:00
Bolke de Bruin
df175da330 Add kdcproxy to support spnego 2022-10-12 16:32:05 +02:00
Bolke de Bruin
81abbf7633 Fix code 2022-10-06 09:36:33 +02:00
Bolke de Bruin
04988650e8 Fix rdp setting and fix username can be nil with openid 2022-10-06 09:19:50 +02:00
Bolke de Bruin
e3ae09b525 Prepare for merge 2022-09-26 08:32:49 +02:00
Bolke de Bruin
0566f90488 Make sure to use right keys 2022-09-24 16:47:03 +02:00
Bolke de Bruin
94d7cddc4b Rework tunnels to support statistics 2022-09-24 13:21:01 +02:00
Bolke de Bruin
eb1b287751 refactor tunnel and transport 2022-09-24 11:23:41 +02:00
Bolke de Bruin
ce6692d22f Refactor add bit of tracking 2022-09-22 17:21:16 +02:00
Bolke de Bruin
8aa7c8cbb7 Verify if account is valid 2022-09-09 16:44:19 +02:00
Bolke de Bruin
df3ca7917c Add web tests 2022-09-09 11:17:03 +02:00
Bolke de Bruin
cc6420b037 Fix check against disabled TLS 2022-09-09 08:49:35 +02:00
Bolke de Bruin
51af7d2ce4 Fix enum 2022-09-08 09:45:35 +02:00
Bolke de Bruin
96030f79f3 Make sure gateway address is set 2022-09-08 09:41:52 +02:00
Bolke de Bruin
090a5797d0 Use rdp builder for generating the rdp file 2022-09-07 10:52:20 +02:00
Bolke de Bruin
0c5f93e810 Split web api so it becomes more testable and maintainable 2022-09-06 12:14:08 +02:00
Bolke de Bruin
454d203070 Add acme support 2022-08-31 09:52:50 +02:00
Bolke de Bruin
e4e132c273 Remove "connect" endpoint if using local-auth 2022-08-30 11:49:19 +02:00
Bolke de Bruin
b92469cbe3 Add test and fix bug 2022-08-26 12:41:05 +02:00
Bolke de Bruin
61489fc4a7 Fix username selection 2022-08-26 12:15:43 +02:00
Bolke de Bruin
28890a97b6 Fix username replacement 2022-08-26 12:05:07 +02:00
Bolke de Bruin
184ff320b8 Fix checking host from list 2022-08-26 11:59:46 +02:00
Bolke de Bruin
19e9e3269d Fix auth function setup 2022-08-26 11:42:10 +02:00
Bolke de Bruin
c76de478e2 Fix openid 2022-08-26 11:27:11 +02:00
Bolke de Bruin
f94e73b1ec Fix some issues with gateway addresses 2022-08-26 10:06:43 +02:00
Bolke de Bruin
50f6d343f1 Make docker image use sratch 2022-08-26 09:46:59 +02:00
Bolke de Bruin
16c087d3bf Add config items and checks 2022-08-25 12:26:03 +02:00
Bolke de Bruin
768ee45974 Allow chaining of checks 2022-08-25 12:12:21 +02:00
Bolke de Bruin
9d2dc57e90 Check valid host from list 2022-08-25 11:22:23 +02:00
Bolke de Bruin
0901a117c9 Working basic auth 2022-08-25 10:58:23 +02:00
Bolke de Bruin
69bcf81230 Fix randomstring generation 2022-08-24 22:44:44 +02:00
Bolke de Bruin
fb58cb299e Add server implementation of basic auth 2022-08-24 13:47:26 +02:00
Bolke de Bruin
390f6acbcd Add support for PAM authentication 2022-08-23 22:52:15 +02:00
Bolke de Bruin
cb8b269478 Enable signed hosts provied in query parameters 2022-08-17 19:12:28 +02:00
Bolke de Bruin
8bc3e25f83 Allow host query parameter 
the host query parameter can now be used
dependent on the `hostselection` config.
 2022-08-17 10:49:21 +02:00
Bolke de Bruin
40d9cdda57 Make config more docker friendly 2022-08-16 14:54:31 +02:00
Bolke de Bruin
790ea0369c Change order to satisfy go-flags 2022-08-11 14:58:39 +02:00
Bolke de Bruin
b05886db73 Remove cobra 
Cobra is pretty opnionated and its complexity isnt required
currently.
 2022-08-11 14:25:07 +02:00
Bolke de Bruin
cd4182c1f5 Switch from viper to koanf 2022-08-11 13:58:24 +02:00
Bolke de Bruin
8ef2e3c153 Correct handshake response 2022-08-11 13:24:12 +02:00
Bolke de Bruin
b28d1787fc Allow filesystemstore for sessions (#15) 
AD and other IdPs can provide long lists of group
membership. This can lead to securecookie too big
as this cannot always be stored inside a HTTP header.
Filesystem session storage removes this limitions at the
cost of not being entirely stateless anymore. It is therefore
required that clients can keep state with the rdpgw
instance.
 2022-08-11 12:29:52 +02:00
Bolke de Bruin
1f7d8620d9 Debug 2022-08-10 22:47:52 +02:00