On Fri, Oct 25, 2024 at 10:07 AM Steven Barnhart <barnhart.st...@gmail.com> wrote:
> Hi all,
>
> This got brought up in a previous thread I had in the user list asking for
> SSO possibilities with Windows RDP systems when using SAML or other sign-on
> solutions where Guacamole doesn't have access to the userid/password.
> Kerberos was mentioned as a possibility as freerdp supports this.
>
> I did a quick search on Jira, but wanted to make sure I wasn't missing an
> existing request for this Kerberos support in Guacamole. We'd really love
> having this especially as we move more into the Azure/Entra-side of things
> and we have a complicated mix of directories and such and using
> SAML/federated solutions would help us out. But we really would like to
> avoid having users need to enter credentials a second/multiple times when
> connecting to the actual RDP resource. Microsoft is offering this kind of
> support for Azure VDs and such I believe.
>

It isn't supported, yet, but, with the support for FreeRDP 3.0 added in the upcoming 1.6.0 release, I think it might actually be possible, as my understanding is that FreeRDP 3 now supports transparent Kerberos ticketing pass-through sorcery :-).

My guess is that some additional development will be required:

* The ability to configure the SSO extensions to process Kerberos tickets.
* The mechanism for passing through those tickets from the client to guacd and on to the RDP server.

-Nick