Single Sign On

In a multi-application Single-Sign-On environment users log in once into one application and gain access to all the other applications without being prompted to log in again for each of them.

As different applications and resources support different authentication mechanisms,Thinfinity® Remote Desktop Server has to internally translate and store different credentials for the supported single-sing-on methods, in order to interpret them into the Thinfinity® Remote Desktop Server local credentials

OAuth 2.0 integration: The configuration options for OAuth 2.0 have been expanded. Now, OAuth /2 authentication servers other than Google are also supported by Thinfinity Remote Desktop Server.

OAuth 2.0 is a protocol that validates users against a remote server. This means that Thinfinity Remote Desktop Server doesn't validate the user internally, using a username and password. The user authentication is relayed to the OAuth 2.0 server. Once the OAuth 2.0 server validates the user, it returns a validation code to Thinfinity Remote Desktop Server. This code will allow Thinfinity Remote Desktop Server to access a token. This token provides access to user information —such as the user email— in the OAuth 2.0 authentication server. Thinfinity Remote Desktop Server uses this token to request this information. Although not specified by the OAuth 2.0 normative, the Profile information server usually returns a JSON object. This JSON object includes values that can be used in Thinfinity Remote Desktop Server to validate the user. These values are mapped to Windows users, so that the corresponding Thinfinity Remote Desktop Server permissions are applied.

In order to use OAuth 2.0 in Thinfinity Remote Desktop Server, add “/oauth2” or “/google” to the Thinfinity Remote Desktop Server URL:

https://<ThinfinityRDServer>/oauth2

This is the callback URL that has to be configured in the AOuth 2.0 server in order to return the user validation code so that Thinfinity Remote Desktop Server can continue with the validation process.

Thinfinity Remote Desktop Server gets its address from the route where the browser request is made. This information cannot be modified.

· Facebook OAuth authentication example

· Enabling OAuth/2 on Thinfinity® Remote Desktop Server

Google accounts integration:

Thinfinity® Remote Desktop Server authentication can be integrated to the Google accounts. On the links below you will find the information to set up Thinfinity® Remote Desktop Server to work with this method:

· Google OAuth/2

· Google ID for web applications

· Enabling Google OAuth/2 on Thinfinity® Remote Desktop Server

RADIUS integration:

Thinfinity® Remote Desktop Server authentication can be integrated with a RADIUS account. On the links below you will find the information to set up Thinfinity® Remote Desktop Server to work with this method:

· RADIUS

· Enabling RADIUS on Thinfinity® Remote Desktop Server

Other single-sign-on methods:

Any other method can also be supported by Thinfinity® Remote Desktop Server. To make any other methods work with Thinfinity® Remote Desktop Server you have to map external users to Thinfinity® Remote Desktop Server and substitute the password with the Thinfinity® Remote Desktop Server ApiKey mechanism.