Single Sign On
In a multi-application Single Sign-On environment, users log in once to one application and gain access to all the other applications without being prompted to log in again for each of them. As different applications and resources support different authentication mechanisms, Thinfinity® Remote Desktop Server has to internally translate and store different credentials for the supported single-sign-on methods, in order to translate them into the Thinfinity® Remote Desktop Server local credentials.
OAuth 2.0 integration:
OAuth 2.0 is a protocol for validating users against a remote server. This means that Thinfinity Remote Desktop Server doesn't validate the user internally with a username and password; user authentication is relayed to the OAuth 2.0 server. Once the OAuth 2.0 server validates the user, it returns a validation code to Thinfinity Remote Desktop Server, which allows Thinfinity Remote Desktop Server to obtain a token. This token provides access to user information, such as the user's email, on the OAuth 2.0 authentication server, and Thinfinity Remote Desktop Server uses it to request that information. Although the OAuth 2.0 specification does not require it, the profile information server usually returns a JSON object. This JSON object includes values that Thinfinity Remote Desktop Server can use to validate the user. These values are mapped to Windows users, so that the corresponding Thinfinity Remote Desktop Server permissions are applied.
In order to use OAuth 2.0 in Thinfinity Remote Desktop Server, add “/oauth2” or “/google” to the Thinfinity Remote Desktop Server URL:
https://<ThinfinityRDServer>/oauth2
This is the callback URL that has to be configured in the OAuth 2.0 server so that it can return the user validation code and Thinfinity Remote Desktop Server can continue with the validation process. Thinfinity Remote Desktop Server gets its address from the route where the browser request is made. This information cannot be modified.
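The two checks this flow depends on, as an added Python example that is not Thinfinity's own code: accept the callback only when its state value matches the one issued at login, then map the profile JSON to a Windows user and deny on anything unexpected. The function names, the USER_MAP table, the use of the OAuth 2.0 state parameter and the email_verified claim are assumptions made for illustration.

```python
import hmac
import json

# Constructed mapping table: external identity -> Windows account (hypothetical names).
USER_MAP = {
    "alice@example.com": "CORP\\alice",
    "bob@example.com": "CORP\\bob",
}


def check_callback(params, expected_state):
    """Return the validation code from the callback query, or None to reject it."""
    state = params.get("state")
    if not isinstance(state, str) or not expected_state:
        return None
    # Constant-time compare: a mismatched state means this callback does not
    # belong to the login request that this browser session started.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        return None
    if "error" in params:
        return None  # the OAuth 2.0 server refused the user
    code = params.get("code")
    return code if isinstance(code, str) and code else None


def map_profile(profile_json, user_map=USER_MAP, field="email"):
    """Map the profile server's JSON reply to a Windows user; None means deny."""
    try:
        profile = json.loads(profile_json)
    except (TypeError, ValueError):
        return None
    if not isinstance(profile, dict):
        return None
    value = profile.get(field)
    if not isinstance(value, str):
        return None  # field missing, or an array/object where a string belongs
    # Assumption: OIDC-style "email_verified" claim; only a literal true counts.
    if field == "email" and profile.get("email_verified") is not True:
        return None
    # Exact match after trimming and case folding; no substring or domain matching.
    return user_map.get(value.strip().casefold())
```

Both functions fail closed: an unmapped, unverified or malformed identity yields None rather than a default Windows account.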
Google accounts integration:
Thinfinity® Remote Desktop Server authentication can be integrated with Google accounts. On the links below you will find the information to set up Thinfinity® Remote Desktop Server to work with this method:
RADIUS integration:
Thinfinity® Remote Desktop Server authentication can be integrated with a RADIUS account. On the links below you will find the information to set up Thinfinity® Remote Desktop Server to work with this method:
Other single-sign-on methods:
Any other method can also be supported by Thinfinity® Remote Desktop Server. To make another method work with Thinfinity® Remote Desktop Server, you have to map external users to Thinfinity® Remote Desktop Server and substitute the password with the Thinfinity® Remote Desktop Server ApiKey mechanism.
The CAS demo shows you how to integrate an external application's authentication with Thinfinity® Remote Desktop Server, using CAS authentication and the ApiKey on the Thinfinity® Remote Desktop Server side.