diff --git a/cmd/rdpgw/config/configuration.go b/cmd/rdpgw/config/configuration.go
index 28b9b7a821384665b2a10f96dd27c3a4e3520830..673a9eb8e64eab6d1d840ee0e18398db259e9291 100644
--- a/cmd/rdpgw/config/configuration.go
+++ b/cmd/rdpgw/config/configuration.go
@@ -11,6 +11,20 @@ import (
 	"strings"
 )
 
+const (
+	TlsDisable = "disable"
+	TlsAuto    = "auto"
+
+	HostSelectionSigned     = "signed"
+	HostSelectionRoundRobin = "roundrobin"
+
+	SessionStoreCookie = "cookie"
+	SessionStoreFile   = "file"
+
+	AuthenticationOpenId = "openid"
+	AuthenticationBasic  = "local"
+)
+
 type Configuration struct {
 	Server   ServerConfig   `koanf:"server"`
 	OpenId   OpenIDConfig   `koanf:"openid"`
diff --git a/cmd/rdpgw/main.go b/cmd/rdpgw/main.go
index 6a7ea82a95471725bc8d5ec6544fbb39580ac030..27ed7838f6593cd2ca4108ce1b90c9343204b06e 100644
--- a/cmd/rdpgw/main.go
+++ b/cmd/rdpgw/main.go
@@ -124,7 +124,7 @@ func main() {
 	log.Printf("Starting remote desktop gateway server")
 	cfg := &tls.Config{}
 
-	if conf.Server.Tls == "disable" {
+	if conf.Server.Tls == config.TlsDisable {
 		log.Printf("TLS disabled - rdp gw connections require tls, make sure to have a terminator")
 	} else {
 		// auto config
@@ -203,7 +203,7 @@ func main() {
 		ServerConf: &gwConfig,
 	}
 
-	if conf.Server.Authentication == "local" {
+	if conf.Server.Authentication == config.AuthenticationBasic {
 		h := web.BasicAuthHandler{SocketAddress: conf.Server.AuthSocket}
 		http.Handle("/remoteDesktopGateway/", common.EnrichContext(h.BasicAuth(gw.HandleGatewayProtocol)))
 	} else {
@@ -216,7 +216,7 @@ func main() {
 	http.Handle("/metrics", promhttp.Handler())
 	http.HandleFunc("/tokeninfo", web.TokenInfo)
 
-	if conf.Server.Tls == "disabled" {
+	if conf.Server.Tls == config.TlsDisable {
 		err = server.ListenAndServe()
 	} else {
 		err = server.ListenAndServeTLS("", "")