Does IronRDP support Azure AD?

[nicowilliams]

Does IronRDP support Azure AD?

[awakecoding]

No, and there are several challenges involved to make it work that aren't specific to IronRDP.

If we're talking of the RDP web client, it is literally impossible at this point because none of the two possible protocols (PKU2U and Entra ID SSO) have only been designed with desktop RDP clients in mind. It's weird to say that a web-based login can't be done from a web browser, but that's unfortunately the case: the Entra ID SSO can only have a redirect URI registered to a native broker executable in Windows.

If we're talking of a native client, there are some things that could be done, and in theory, with enough effort, it can be done. However, there's a lot of work. The PKU2U approach requires the client to be Entra ID joined to the same tenant as the destination server, and the most important bits to talk to Azure are not documented. The Entra ID SSO approach would require the integration of a native web view in which we can intercept the redirect URI before it is forwarded to the built-in broker executable in Windows.

Short answer: no
Long answer: probably no for quite a while, unless someone wants to work on it.

[nicowilliams]

Thanks.

Is PKU2U https://datatracker.ietf.org/doc/draft-zhu-pku2u/?

FreeRDP (which I can't quite get to work) shows the user a link that they have to open in a browser, then it prompts to have the user paste back the final redirected-to URI from the browser.