Setup for smart card auth against AWS RD Gateway for MacOS
C
Cord Thomas
started a topic
over 3 years ago
Hello
In AWS, we have an RD Gateway setup with hosts (AWS Workspaces) joined to a domain. We have configured the network to support smart card authentication. We are able to use the Windows RDP client to authenticate with card/PIN but the Mac won't work. We are trying your TSX product which seems promising. I have tried setting up a new RDP Connection, specified a Remote Desktop Gateway setting (transport type auto) and tried connecting in several ways.
It's unclear where we specify the smart card as credentials. I have tried on the RD Gateway configuration which never prompts for the PIN and I do not see where I would specify this in the Credentials section of the Remove Desktop connection.
Is what I am trying to do possible? What's the right collection of configurations needed? Thank you.
Best Answer
F
Felix Deimel
said
over 3 years ago
Hi Cord,
unfortunately, FreeRDP (the open source RDP implementation we use in Royal TSX) doesn't currently support smart card authentication for Remote Desktop Gateways. Smart Card authentication is only supported for regular connections and requires NLA to be disabled.
unfortunately, FreeRDP (the open source RDP implementation we use in Royal TSX) doesn't currently support smart card authentication for Remote Desktop Gateways. Smart Card authentication is only supported for regular connections and requires NLA to be disabled.
Sorry to be the bearer of bad news.
cheers,
felix
C
Cord Thomas
said
over 3 years ago
That's too bad; thank you for the prompt response.
Felix Deimel
said
over 3 years ago
You're welcome, Thomas! Sorry for not having better news...
cheers,
felix
A
Ammar Imam
said
about 1 year ago
Hi, I wanted to follow up to this post to see if Royal TSX now supports PIV/smart card logins by any chance. I notice the "Redirection" option with smart card on Remote Desktop. Is there any documentation you can provide me on how to leverage Redirect smart card log in?
Thank you,
Ammar Imam
Felix Deimel
said
about 1 year ago
Hi Ammar,
Royal TSX has supported RDP Smart Card authentication for many years. Just not when NLA was required on the server and not for Remote Desktop Gateway authentication.
So, whether or not it'll work in your environment depends on your exact setup.
Basically, there's not a lot to configure. Just make sure that the "Smart Card" option is enabled in the "Redirection" settings and disable "NLA" in the "Advanced - Authentication" settings of your RDP connection.
If that doesn't work, please open a support ticket so that we can try to debug what's happening.
Cord Thomas
Hello
In AWS, we have an RD Gateway setup with hosts (AWS Workspaces) joined to a domain. We have configured the network to support smart card authentication. We are able to use the Windows RDP client to authenticate with card/PIN but the Mac won't work. We are trying your TSX product which seems promising. I have tried setting up a new RDP Connection, specified a Remote Desktop Gateway setting (transport type auto) and tried connecting in several ways.
It's unclear where we specify the smart card as credentials. I have tried on the RD Gateway configuration which never prompts for the PIN and I do not see where I would specify this in the Credentials section of the Remove Desktop connection.
Is what I am trying to do possible? What's the right collection of configurations needed? Thank you.
Hi Cord,
unfortunately, FreeRDP (the open source RDP implementation we use in Royal TSX) doesn't currently support smart card authentication for Remote Desktop Gateways. Smart Card authentication is only supported for regular connections and requires NLA to be disabled.
Sorry to be the bearer of bad news.
cheers,
felix
- Oldest First
- Popular
- Newest First
Sorted by Oldest FirstFelix Deimel
Hi Cord,
unfortunately, FreeRDP (the open source RDP implementation we use in Royal TSX) doesn't currently support smart card authentication for Remote Desktop Gateways. Smart Card authentication is only supported for regular connections and requires NLA to be disabled.
Sorry to be the bearer of bad news.
cheers,
felix
Cord Thomas
That's too bad; thank you for the prompt response.
Felix Deimel
You're welcome, Thomas! Sorry for not having better news...
cheers,
felix
Ammar Imam
Hi, I wanted to follow up to this post to see if Royal TSX now supports PIV/smart card logins by any chance. I notice the "Redirection" option with smart card on Remote Desktop. Is there any documentation you can provide me on how to leverage Redirect smart card log in?
Thank you,
Ammar Imam
Felix Deimel
Hi Ammar,
Royal TSX has supported RDP Smart Card authentication for many years. Just not when NLA was required on the server and not for Remote Desktop Gateway authentication.
So, whether or not it'll work in your environment depends on your exact setup.
Basically, there's not a lot to configure. Just make sure that the "Smart Card" option is enabled in the "Redirection" settings and disable "NLA" in the "Advanced - Authentication" settings of your RDP connection.
If that doesn't work, please open a support ticket so that we can try to debug what's happening.
thx,
Felix
-
About this Forum
-
X11 forwarding
-
Royal TSX VMware connections
-
Sort items/folders in Navigation panel
-
Triggers and others changes..
-
Emulating full screen WITHOUT "Spaces"
-
Proper cred setup for smartcard RDP logon from MacOS
-
AutoFill/Login Google Drive?
-
Toggle broadcast input on/off
-
Royal TSX - Costum Keyboard Layout
See all 114 topics