mirror of
https://github.com/morgan9e/FreeRDP
synced 2026-04-14 16:34:18 +09:00
5e76909881
This change enables an alternative way of acquiring the necessary access tokens through a local identity broker. In the current implementation, we need to visit URLs twice and paste back the URLs we are redirected to in order to extract authorization codes and ultimately fetch the correct access tokens for RDP (described here: <0>). As an alternative, MS also provides the Microsoft Authentication Library (MSAL) through which authentication can be handled more or less in the background when we're using a trusted device. In particular, we can request access tokens with the same parameters as we're currently doing through the URL-based scheme. As the MSAL bindings are not available for C, we implemented a small wrapper library called sso-mib which is available at https://github.com/siemens/sso-mib. This library translates the high-level requests (such as acquire_token_interactive) to respective messages on the D-Bus messaging bus which is used to communicate with the identity broker service on Linux. The library can be built as a .deb package and subsequently be found through PkgConfig mechanisms in CMake. When sso-mib is not available through pkg-config, it can also be placed in external/, with the directory structure looking like the following. include/ is copied from the root of the sso-mib directory and lib/ populated with the built shared library files and symlinks. external/ ├── README └── sso-mib ├── include │ └── sso-mib │ ├── mib-account.h │ ├── mib-client-app.h │ ├── mib-exports.h │ ├── mib-pop-params.h │ ├── mib-prt.h │ ├── mib-prt-sso-cookie.h │ └── sso-mib.h └── lib ├── libsso-mib.so -> libsso-mib.so.0 ├── libsso-mib.so.0 -> libsso-mib.so.0.4.0 └── libsso-mib.so.0.4.0 This feature is currently hidden behind a configuration switch and must be enabled via `-DWITH_SSO_MIB=ON`. If the connection to the broker fails (for example, if no identity broker is installed or running on the system), we automatically fall back to the current scheme of copy-pasting URLs. <0>: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/e967ebeb-9e9f-443e-857a-5208802943c2