MFA on RDP

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

MFA on RDP

Wesley de Graaf

Hi,

 

Sometimes we encounter an issue with the default timeout on the RDP connection in the guacamole. As far as we know the default is 15 seconds. But in some cases a user has to give an MFA consent on RDP connection and then the 15 seconds are to short and the connection is closed and reconnect attempt is started.

 

Does anyone have a suggestion for this?

 

Kind regards,

 

Wesley

Reply | Threaded
Open this post in threaded view
|

Re: MFA on RDP

vnick
On Wed, May 27, 2020 at 3:35 AM Wesley de Graaf <[hidden email]> wrote:

Hi,

 

Sometimes we encounter an issue with the default timeout on the RDP connection in the guacamole. As far as we know the default is 15 seconds. But in some cases a user has to give an MFA consent on RDP connection and then the 15 seconds are to short and the connection is closed and reconnect attempt is started.

 

Does anyone have a suggestion for this?

 


This is something I've looked into in the past - in fact, I have a JIRA issue opened for the ability to configure timeouts.  Unfortunately, the way RDP support works in Guacamole, leveraging the FreeRDP libraries, it relies on the FreeRDP libraries for the ability to set things like timeout, and the FreeRDP library does not support that, and they have basically refused to implement it.  So, I'm not sure there's a good answer for this today, except to educate users that they'd better have MFA ready when they log in so that they can hit that 15 second window.  And, yes, I know that's not a good answer....

-Nick
Reply | Threaded
Open this post in threaded view
|

RE: MFA on RDP

Wesley de Graaf

Hi Nick,

 

Well at least I do have some solid information to work with, I agree its not a good solution. But I guess we will be able to get some workaround for this.

 

Thanks for the info, threat can be closed.

 

Kind regards,

 

Wesley.

From: Nick Couchman <[hidden email]>
Sent: Friday, May 29, 2020 1:55 PM
To: [hidden email]
Subject: Re: MFA on RDP

 

On Wed, May 27, 2020 at 3:35 AM Wesley de Graaf <[hidden email]> wrote:

Hi,

 

Sometimes we encounter an issue with the default timeout on the RDP connection in the guacamole. As far as we know the default is 15 seconds. But in some cases a user has to give an MFA consent on RDP connection and then the 15 seconds are to short and the connection is closed and reconnect attempt is started.

 

Does anyone have a suggestion for this?

 

 

This is something I've looked into in the past - in fact, I have a JIRA issue opened for the ability to configure timeouts.  Unfortunately, the way RDP support works in Guacamole, leveraging the FreeRDP libraries, it relies on the FreeRDP libraries for the ability to set things like timeout, and the FreeRDP library does not support that, and they have basically refused to implement it.  So, I'm not sure there's a good answer for this today, except to educate users that they'd better have MFA ready when they log in so that they can hit that 15 second window.  And, yes, I know that's not a good answer....

 

-Nick