3.5 – Users

Contents:

General
User creation
Activate two-factor authentication (2FA)
Reset second factor (2FA) for individual users

General

By default, users.json in the data directory is used to authenticate users and use the local user database (see below for user creation). Users must then log in to SparkView once this file exists and is in use.

After successful login, the destinations and hosts that the user can reach using different protocols (RDP, SSH, VNC, HTTP/S, etc.) are displayed:

User creation

Local user database

You can use config.html to configure users.json. Use your browser and navigate to: http://localhost/config.html. For security reason, this page can be only accessed from localhost. The user name should be your email if you are using OpenID integration (log in with Google Account etc).

The following parameters can be stored when creating a user:

Name
Password
Server, which the user is allowed to access
Domain user (yes/no)
Domain server and port
LDAP security
Forward Credentials to Connection (SSO)
Host name (for RDP connections)
Key file (for SSH connections)
Password of key file

Integrate Active Directory/LDAP/RADIUS

To connect to Active Directory, LDAP, or RADIUS, use the specific instructions in Chapter 3.27.

Import from Active Directory

In addition to the normal Active Directory connection, users can also be imported and written to the users.json file. This allows you to transfer user management from Active Directory to SparkView.

To start an import, open the Users tab on the config.html page and enter the required details in the fields listed above:

Explanation of the fields:

Username = AD user who is allowed to perform an import (e.g. the administrator)
Password = Password of the AD user
Domain = Domain where the users for the import are located
OU/CN/DC = Structure where the users are located within the AD forest. If the users are located in the default user directory, the structure is as follows CN=Users,DC=domain,DC=com. To find out in which structure a user is located, the following Powershell command can be used Get-ADuser -Identity "username".
Group = The group in which the users you want to import are located.
Domain Server = The URL/IP address of the Active Directory server.
AD-Security = What encryption will be used for the connection? (e.g. SSL, TLS)

In addition, the last field can be used to assign servers to the imported users. Enter the server IDs from the Servers tab, separated by commas.

OAuth 2.0

You can also log in with Google, Yahoo etc with OAuth 2.0 integration. For OAuth 2.0 integration

You don’t need to enter user name and password in the login.html.
Make sure the user name in users.json is your email address (Gmail address if you are using Google account).
The password in users.json will be ignored, so you can give any passwords to user

If you don’t need this OAuth 2.0 integration, you can remove the following part from login.html:
<a href="/OPENID?id=Google"><img src="google.png" title="Sign in with Google account"/></a>

Please check Chapter 3.22 for more information about OAuth 2.0.

Activate two-factor authentication (2FA)

An authenticator app (e.g. Google Authenticator) is required for use.

Set twoFA=1 to activate or twoFA=2 to force in gateway.conf
The user logs in to SparkView, a QR code appears
Scan the QR code with the Authenticator app and enter the 6-digit code

Reset second factor (2FA) for individual users

There are 3 ways to reset the second factor for individual users:

⚠️ Attention!

To reset the second factor, the SparkView service must first be stopped.

Java-Command

Use the following command in the SparkView root directory:
sudo java -cp SparkGateway.jar com.toremote.gateway.tool.TwoFactor username

For AD users with domain, please use the following command:
sudo java -cp SparkGateway.jar com.toremote.gateway.tool.TwoFactor "domain\user.name"

For Windows users:
java -cp SparkGateway.jar com.toremote.gateway.tool.TwoFactor username or if AD:
java -cp SparkGateway.jar com.toremote.gateway.tool.TwoFactor "domain\user.name"

cURL-Request

The SparkView service must be running for this. Then please use the following command:
curl -k -G --data-urlencode "target=twofa" --data-urlencode "user=username" http://sparkview-server.com/CONTROL

For AD users, please use the following command:
curl -k -G --data-urlencode "target=twofa" --data-urlencode "user=domain\user.name" http://sparkview-server.com/CONTROL

HTTP request (API)

The SparkView service must be running and a hashed management password must be used. Then please call up the following URL:
http://sparkview-server.com/CONTROL?target=twofa&user=username&gatewayPwd=21232f297a57a5a743894a0e4a801fc3

1.1 – Features

1.2 – Architecture

1.3 – What's the difference

2.1 – Install J2SE Software Development Kit (JDK)

2.2 – Install as a Windows service

2.3 – Install as Linux/Unix daemon

2.4 – Install as macOS daemon

2.5 – Install HTML client on other web servers

2.6 – Run SparkView as a container (Docker)

2.7 – Install as PWA

2.8 – Integrating a license

3.1 – Gateway

3.2 – HTTPS and WSS (WebSocket secure connection)

3.3 – Remote Desktop Web Access Portal Integration

3.4 – Servers & RDP options

3.5 – Users

3.6 – Easy printing

3.7 – RemoteApp and start a program instead of the whole desktop

3.8 – Clipboard redirection and shared clipboard

3.9 – Bidirectional audio redirection (RDP)

3.10 – File share (uploading and downloading)

3.11 – Session Recording and Playback

3.12 – Session Shadowing (join or share an active session on gateway)

3.13 – Native RDP shadowing (join any active RDP sessions)

3.14 – Touch interface (iOS, Android etc)

3.15 – Touch remoting

3.16 – Hyper-V Console and Enhanced Session Mode

3.17 – RDP connection cache/pool

3.18 – Symlink (access link)

3.19 – Macro recording

3.20 - Remote assistance

3.21 – RFB (VNC) protocol support

3.22 – SSH and Telnet

3.23 – Smart Card Redirection

3.24 – Scanner redirection

3.25 – USB redirection

3.26 – OAuth 2.0/Okta integration

3.27 – Active Directory, Azure AD, LDAP, RADIUS integration

3.28 – Using Java parameters

3.29 – Send logs to syslog

3.30 — Add HTTP/S proxy entry

4.1 – config.html

4.2 – file.html

4.3 – join.html

4.4 – login.html

4.5 – player.html

4.6 – rdp.html

4.7 – report.html

4.8 – shadow.html

4.9 – ssh.html

4.10 – telnet.html

4.11 – vnc.html

4.12 – Further files and views

5.1 – Session management

5.2 – Multi-Monitor

5.3 – SMB2 and SFTB file proxy

5.4 – Deploy, run and test applications in the cloud

5.5 – IP filter (iptables)

5.6 – SNMP integration

5.7 – SSH authentication with keys

6.1 – Reporting API (query server status, client side JavaScript API)

6.2 – RDP library (client side JavaScript API)

6.2.1 – RDP parameters

6.2.2 – Passing parameters via URL (Connection String)

6.2.3 – Passing parameter via object or cookie

6.2.4 – Usage of RDP class

6.2.5 – Extend RDP: Virtual Channel and Dynamic Virtual Channel

6.2.6 – Extend Gateway: Gateway Channel

6.3 – Plug-ins (server side Java API)

6.4 – HTTP Request API (server side)

7.1 – Reverse Agent: Getting started

Appendix A – Shortcut keys

Appendix B – Browser support

Appendix C – EchoHandler and network check

Appendix D – configuration example for nginx

Appendix E – configuration example for Apache Proxy

Appendix F – configuration for Juniper, Cisco, Dell etc SSL VPN

Appendix G – SMB path

Appendix H – Ping

Appendix I – TrustStore