On Sat, Jul 3, 2021 at 2:37 PM Angal, Rajeev <ran...@visa.com.invalid> wrote:
> Thanks for your reply, Nick. > On #2: > User workstation —> Guacamole intermediate server —> Target RDP or SSH > server > > After the initial authentication to Guacamole with SAML/ smartcard/etc, > If the intermediate server could get a ephemeral certificate (on behalf > of the authenticated user) from a CA and allow auto login over SSH snd RDP > to the target server. > This post describes the conceot: > > > https://informationsecuritybuzz.com/articles/why-ephemeral-certificates-are-the-ideal-option-for-secure-it-access/ > > > Ah, okay, so you're not so much concerned with support for authenticating to Guacamole via certificate, you're wanting to pass the certificate through to the remote desktop system? Guacamole doesn't support that, either, currently, but I'm sure it is doable. -Nick >