Client side redirection with pluggable authentication and authorization
First Claim
1. A method comprising:
   by an operating system (OS) of a first computing device:
     receiving a request to cause a remote desktop protocol (RDP) client device to connect to a second computing device, the RDP client device being coupled to the first computing device via a first RDP connection;
     creating an RDP virtual channel over the first RDP connection;
     permitting the RDP client device to establish a tunnel and a channel using specialized gateway service attachment through the RDP virtual channel to the second computing device, wherein the tunnel is an encrypted secure shell tunnel;
     qualifying the RDP client device to connect to the second computing device based at least on information associated with the first RDP connection, wherein qualifying the RDP client device comprises checking a permissions vector, wherein the permissions vector is provided to the RDP client device from a PAA ticketing server; and
     if the RDP client device is qualified to connect to the second computing device, then sending to the RDP client device:
       an instruction for the RDP client device to be re-directed from the first computing device to the second computing device;
       an instruction for the RDP client device to close the first RDP connection; and
       one or more credentials for the RDP client device to establish a second RDP connection to the second computing device, wherein the instruction and the credentials are being sent to the RDP client device via the RDP virtual channel and the tunnel created over the first RDP connection, wherein the RDP virtual channel is used to create a virtual private network between the RDP client device and one or more servers by attaching one or more gateway functions to each end of the RDP virtual channel, wherein the second RDP connection allows the RDP client device to access the second computing device, wherein each of the first and second RDP connections comprises a gateway, and wherein the credentials being sent to the RDP client device allow the RDP client device to access the second computing device from the gateway based at least on a pluggable authentication and authorization framework.
Abstract
A system and method of client side redirection with pluggable authentication and authorization is disclosed. In a particular embodiment, an operating system of a first computing device receives a request to cause a remote desktop protocol (RDP) client device to connect to a second computing device. The client is coupled to the first computing device via a first RDP connection. The first computing device may use information associated with the first RDP connection to qualify the client to connect to the second computing device. If qualified, the first computing device may send a redirect instruction to the client that redirects the client from the first computing device to the second computing device. The first computing device may send credentials to the client for use in establishing a second RDP connection to the second computing device. The redirect instruction and credentials may be sent via a virtual channel of the first RDP connection.
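The qualification and redirect steps of claim 1 and the abstract, as an added illustration that is not part of the patent: a constructed model of the first device's OS deciding whether a client on an existing RDP connection may be redirected. It assumes the permissions vector from the PAA ticketing server is HMAC-signed and bound to the client identity and a lifetime (the claim only states that the vector is provided by the ticketing server and checked), and that credentials are minted by a caller-supplied function; the key, connection record and message shapes are constructed.

```python
import hmac, hashlib, json, time

# Constructed shared secret between the PAA ticketing server and the first computing
# device. Assumption: the vector is integrity-protected so the OS verifies it rather
# than trusting whatever the client presents.
TICKETING_KEY = b"constructed-demo-key"

def issue_permissions_vector(client_id, targets, ttl=300, now=None):
    """Ticketing-server side: bind the allowed second-device targets to the client and a lifetime."""
    now = time.time() if now is None else now
    body = {"client": client_id, "targets": sorted(targets), "exp": now + ttl}
    raw = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "mac": hmac.new(TICKETING_KEY, raw, hashlib.sha256).hexdigest()}

def qualify(conn, vector, target, now=None):
    """First-device OS: may the client on first connection `conn` be redirected to `target`?"""
    now = time.time() if now is None else now
    raw = json.dumps(vector["body"], sort_keys=True).encode()
    expected = hmac.new(TICKETING_KEY, raw, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, vector["mac"]):
        return False, "permissions vector failed integrity check"
    body = vector["body"]
    if body["client"] != conn["client_id"]:  # bind to the identity of the first connection
        return False, "permissions vector issued to a different client"
    if body["exp"] < now:
        return False, "permissions vector expired"
    if target not in body["targets"]:
        return False, "target not in permissions vector"
    return True, "ok"

def redirect_messages(conn, vector, target, issue_credentials, now=None):
    """Messages to send over the virtual channel if qualified, else (None, reason)."""
    ok, reason = qualify(conn, vector, target, now)
    if not ok:
        return None, reason
    return [
        {"type": "redirect", "from": conn["server"], "to": target},
        {"type": "close_connection", "connection": conn["id"]},
        {"type": "credentials", "target": target, "value": issue_credentials(conn["client_id"], target)},
    ], reason

if __name__ == "__main__":
    conn = {"id": "rdp-1", "client_id": "client-A", "server": "host1"}  # constructed first connection
    vec = issue_permissions_vector("client-A", ["host2", "host3"])
    mint = lambda cid, tgt: f"constructed-one-time-credential:{cid}->{tgt}"
    print(redirect_messages(conn, vec, "host2", mint))   # three messages, "ok"
    print(redirect_messages(conn, vec, "host9", mint))   # (None, "target not in permissions vector")
```

Every denial path is reported separately so the first device can log why a redirect was refused; a vector whose targets were altered after issuance fails the integrity check before any other field is consulted.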
13 Claims
1. A method comprising: (independent claim; text identical to the First Claim given above.) Dependent claims: 2, 3, 4, 5, 6.
7. One or more computer-readable non-transitory storage media embodying logic that is operable when executed to:
   by an operating system (OS) of a first computing device:
     receiving a request to cause a remote desktop protocol (RDP) client device to connect to a second computing device, the RDP client device being coupled to the first computing device via a first RDP connection;
     creating an RDP virtual channel over the first RDP connection;
     permitting the RDP client device to establish a tunnel and a channel using specialized gateway service attachment through the RDP virtual channel to the second computing device, wherein the tunnel is an encrypted secure shell tunnel;
     qualifying the RDP client device to connect to the second computing device based at least on information associated with the first RDP connection, wherein qualifying the RDP client device comprises checking a permissions vector, wherein the permissions vector is provided to the RDP client device from a PAA ticketing server; and
     if the RDP client device is qualified to connect to the second computing device, then sending to the RDP client device:
       an instruction for the RDP client device to be re-directed from the first computing device to the second computing device;
       an instruction for the RDP client device to close the first RDP connection; and
       one or more credentials for the RDP client device to establish a second RDP connection to the second computing device, wherein the instruction and the credentials are being sent to the RDP client device via the RDP virtual channel and the tunnel created over the first RDP connection, wherein the RDP virtual channel is used to create a virtual private network between the RDP client device and one or more servers by attaching one or more gateway functions to each end of the RDP virtual channel, wherein the second RDP connection allows the RDP client device to access the second computing device, wherein each of the first and second RDP connections comprises a gateway, and wherein the credentials being sent to the RDP client device allow the RDP client device to access the second computing device from the gateway based at least on a pluggable authentication and authorization framework.
   Dependent claims: 8, 9, 10.
11. An information handling system comprising:
   one or more processors; and
   a memory coupled to the processors comprising instructions executable by the processors, the processors being operable when executing the instructions to:
   by an operating system (OS) of a first computing device:
     receiving a request to cause a remote desktop protocol (RDP) client device to connect to a second computing device, the RDP client device being coupled to the first computing device via a first RDP connection;
     creating an RDP virtual channel over the first RDP connection;
     permitting the RDP client device to establish a tunnel and a channel using specialized gateway service attachment through the RDP virtual channel to the second computing device, wherein the tunnel is an encrypted secure shell tunnel;
     qualifying the RDP client device to connect to the second computing device based at least on information associated with the first RDP connection, wherein qualifying the RDP client device comprises checking a permissions vector, wherein the permissions vector is provided to the RDP client device from a PAA ticketing server; and
     if the RDP client device is qualified to connect to the second computing device, then sending to the RDP client device:
       an instruction for the RDP client device to be re-directed from the first computing device to the second computing device;
       an instruction for the RDP client device to close the first RDP connection; and
       one or more credentials for the RDP client device to establish a second RDP connection to the second computing device, wherein the instruction and the credentials are being sent to the RDP client device via the RDP virtual channel and the tunnel created over the first RDP connection, wherein the RDP virtual channel is used to create a virtual private network between the RDP client device and one or more servers by attaching one or more gateway functions to each end of the RDP virtual channel, and wherein the second RDP connection allows the RDP client device to access the second computing device, wherein each of the first and second RDP connections comprises a gateway, and wherein the credentials being sent to the RDP client device allow the RDP client device to access the second computing device from the gateway based at least on a pluggable authentication and authorization framework.
   Dependent claims: 12, 13.