Appendix C – Integration with plugin use case
User, User Portal, Spark Gateway
- Have user credentials in plain text.
- Provide a service to verify the user (optional).
- Write a simple plugin in java for Spark Gateway.
- Disable VNC access by setting vnc = false in gateway.conf (SSH, Telnet are disabled by default).
- User login to User Portal.
- User Portal encrypt the user credential and other information like User Portal session id as a token string, for example:
- User Portal construct a connection link and display it to user:
http://gateway/rdpdirect.html?token=myEcryptedToken&displayName=nameOnBrowserTitle&otherParameters; or use the Spark View JS library directly to create a connection:
var rdp = new svGlobal.Rdp(‘wss://gateway/RDP?token=myEycryptedToken&..’, width, height, color);
- User click the link and connect.
- SparkView plugin decrypt the token, verify the user session (optional) and put the decrypted RDP parameters back (Please check the plugin example for details: http://www.remotespark.com/Plugin.zip)
- User credentials are encrypted.
- Encryption and decryption are done on server side which is pretty safe.
- Plugin can also be used to verify if user is form a valid session, or extend the SparkView functionality.
- Need to write some lines of Java code for Spark View gateway.
- You may need to recompile the plugin when upgrading to a new version of Spark Gateway (if the plugin interface changed).
- Encrypted user credentials still need to be sent to the browser.
Both use cases are recommended. You can also consider to use them together (symlink with plugin), so user credentials can be encrypted and don’t need to be sent to the client side.
If User Portal cannot have the user credentials in plain text, you can consider to create a temporary windows user account for every user and remove this account later.