From 16c087d3bf3e0191402a3c758a786f0fef27bdf9 Mon Sep 17 00:00:00 2001
From: Bolke de Bruin <bolke@xs4all.nl>
Date: Thu, 25 Aug 2022 12:26:03 +0200
Subject: [PATCH] Add config items and checks
---
 README.md | 8 ++++++++
 cmd/rdpgw/config/configuration.go | 4 ++++
 2 files changed, 12 insertions(+)
diff --git a/README.md b/README.md
index 79c6434..ded9426 100644
--- a/README.md
+++ b/README.md
@@ -45,6 +45,14 @@ template.
 ```yaml
 # web server configuration.
 Server:
+ # can be set to openid (default) and local. If openid is used rdpgw expects
+ # a configured openid provider, make sure to set caps.tokenauth to true. If local
+ # rdpgw connects to rdpgw-auth over a socket to verify users and password. Note:
+ # rdpgw-auth needs to be run as root or setuid in order to work
+ Authentication: openid
+ # The socket to connect to if using local auth. Ensure rdpgw auth is configured to
+ # use the same socket.
+ AuthSocket: /tmp/rdpgw-auth.sock
 # disable TLS if termination happens somehwere else (e.g. a load balancer)
 # Note: rdp connections over a gateway require TLS
 DisableTLS: false
diff --git a/cmd/rdpgw/config/configuration.go b/cmd/rdpgw/config/configuration.go
index f034964..1c8db65 100644
--- a/cmd/rdpgw/config/configuration.go
+++ b/cmd/rdpgw/config/configuration.go
@@ -189,6 +189,10 @@ func Load(configFile string) Configuration {
 if Conf.Server.Authentication == "local" && Conf.Server.DisableTLS {
 log.Fatalf("basicauth=local and disabletls are mutually exclusive")
 }
+
+ if !Conf.Caps.TokenAuth && Conf.Server.Authentication == "openid" {
+ log.Fatalf("openid is configured but tokenauth disabled")
+ }
 
 return Conf
 }
--
GitLab
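Review bot: Both guards in this part of Load compare Conf.Server.Authentication with exact literals, so a value that is neither `"openid"` nor `"local"` (a typo, different casing such as `Local`, or an empty string if no default is applied earlier) passes both checks, including the existing TLS guard for local auth. Unless the value is normalised in the part of Load outside this hunk, unknown modes should be rejected once defaults are applied: `if a := Conf.Server.Authentication; a != "openid" && a != "local" { log.Fatalf("unknown authentication mode %q", a) }`. Failing closed here keeps a misconfigured gateway from starting in a state where neither authentication precondition has been verified. Nothing visible in this hunk validates AuthSocket for the local mode, and the README example in this commit places it in /tmp, a world-writable directory; a path in a directory that only the gateway and rdpgw-auth can write to would be a safer documented default. Load starts and continues outside the hunk.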