BCoole

Members
  • Posts

    6
  • Joined

  • Last visited

  • Days Won

    1

BCoole last won the day on May 24 2022

BCoole had the most liked content!

BCoole's Achievements

  1. We are looking to present Passwordstate via different URLs to our internal & external users (external users proxied via a browser-based VPN), while still using the SAML protocol to authenticate users and the same IDP configuration. When decoding a SAML auth request from Passwordstate, the optional AssertionConsumerServiceURL value is not included. Since this value is not specified, the IDP will always redirect users to the default AssertionConsumerServiceURL configured in the IDP, despite other AssertionConsumerServiceURLs being present in the IDP configuration - which means that regardless of the URL used to access Passwordstate, the user will always be directed to the default IDP reply URL. If this field was built from the user's current URL/domain and supplied in the request, then as long as the URL used is configured in the IDP, the IDP will redirect the user to their original URL on successful auth. This would enable 1 IDP configuration to be used for multiple app URLs/domains.
  2. We use AADJ devices and our internal services use publicly signed certs - not much in the way of traditional internal CA infrastructure nor the desire to set it up. We have WIN-ACME requesting publicly signed certs using the DNS-01 challenge and have configured the certificates to be exportable and to auto-update in the site bindings for IIS. Cookie-cutter cert management, works well for the base site, no problems there. The problem is that as far as I can tell this can't/won't update the cert for the remote session gateway. In Section 9 of the remote session launcher guide there are a few lines of PowerShell to update the gateway cert *after* a cert has been exported with a password, however there isn't anything 'clean and easy' like the gateway install script that exports it and sets up the gateway in the first place. Has anyone run into this before and/or made a script to auto-export and update the gateway cert? Alternatively, as a brute-force approach, are there any problems that would occur from simply re-triggering the install-gateway-internal.ps1 script after the cert is renewed? I could probably easily cut out sections like re-downloading OpenJDK, but I'm not sure how 'healthy' re-running the install.bat file would be for a production instance, and I'm not familiar enough with PowerShell to reverse engineer the cert export from IIS and update it in the gateway service myself. Hoping someone else has already run into this one.