Posts: 17
Threads: 1
Joined: Oct 2018
Reputation:
0
17-10-2018, 04:59 PM
Our company has added a 3rd field after Login and Password, to the login window which currently requires manual input.
Is there a way to add a custom field to the RDP credentials store to fill out that 3rd field.
Posts: 11,205
Threads: 101
Joined: Aug 2006
Reputation:
205
How can a third field be configured for Windows Login? Never seen this before - I first have to check if it is possible by the RDP client to fill this custom field...
Regards/Gruss
Oliver
Posts: 17
Threads: 1
Joined: Oct 2018
Reputation:
0
18-10-2018, 02:24 PM
(This post was last modified: 18-10-2018, 02:25 PM by Lycan.)
(18-10-2018, 09:33 AM)DevOma Wrote: How can a third field be configured for Windows Login? Never seen this before - I first have to check if it is possible by the RDP client to fill this custom field...
As part of adding an MFA product to the login process, a unique identifier was added to the initial login screen.
I've attached a partial screen image so that you can see the prompts...
Posts: 11,205
Threads: 101
Joined: Aug 2006
Reputation:
205
So it's a kind of MultiFactor-Auth for RDP-Login - is the value you have to enter in the third field a static value? For MFA is should be send to you when trying to login - so how you should know the content before connecting to the server? Then you also need the code for the MFA field e.g. by an API to the MFA provider?!?
Correct me if I'm wrong - but just to add a third field in credentials will not solve this?!? We have MFA for Password-Server integrations but then you also have to type your Code into any textbox before you can connect to the PasswordServer...
Regards/Gruss
Oliver
Posts: 17
Threads: 1
Joined: Oct 2018
Reputation:
0
(18-10-2018, 02:50 PM)DevOma Wrote: So it's a kind of MultiFactor-Auth for RDP-Login - is the value you have to enter in the third field a static value? For MFA is should be send to you when trying to login - so how you should know the content before connecting to the server? Then you also need the code for the MFA field e.g. by an API to the MFA provider?!?
Correct me if I'm wrong - but just to add a third field in credentials will not solve this?!? We have MFA for Password-Server integrations but then you also have to type your Code into any textbox before you can connect to the PasswordServer...
This is not the MFA component, but a static field to assist with identifying which MFA profile to use.
It would be like the account / password field, just a 3rd static text field to load with the value stored.
Posts: 17
Threads: 1
Joined: Oct 2018
Reputation:
0
What I could see being done, would be to allow to "add" additional "static entries", which would be "entered" in the order posted.
Showing all the "fields" that would be entered.
Login: xxxxxxxxxxx
Password: xxxxxxxxxxxx
Extra Field[#]: xxxxxxxxxxxxxxxxx
Maintain: Add Extra/ Delete Extra Buttons
Then Positioning: First/Last/Up/Down Buttons
Select an entry, click on buttons to Add/Delete or Modify the order for data placement.
Posts: 11,205
Threads: 101
Joined: Aug 2006
Reputation:
205
Once again - is the content of the third field really static? MFA makes only sense when the code is only valid for some time (only 30-60 seconds) - and then it would senseless to add any custom field…
At the moment I didn't find any possible API to add something more to the login of an RDP session - but first we have to clarify if it really make sense!
Regards/Gruss
Oliver
Posts: 17
Threads: 1
Joined: Oct 2018
Reputation:
0
(19-10-2018, 12:47 PM)DevOma Wrote: Once again - is the content of the third field really static? MFA makes only sense when the code is only valid for some time (only 30-60 seconds) - and then it would senseless to add any custom field…
At the moment I didn't find any possible API to add something more to the login of an RDP session - but first we have to clarify if it really make sense!
Yes, as I've said, it is "really" static.
After we've "authenticated" on this screen, the followup screen prompts us for which "MFA" token we want to use, push, pin, text, etc...
Posts: 11,205
Threads: 101
Joined: Aug 2006
Reputation:
205
Ok I will add a task to my ToDo list - but as I told you my first research was not successful how to add one more field to login...
Regards/Gruss
Oliver
Posts: 17
Threads: 1
Joined: Oct 2018
Reputation:
0
Excellent, and thanks.
If you need someone to "test", I'm more than willing to do so.
Posts: 17
Threads: 1
Joined: Oct 2018
Reputation:
0
19-10-2018, 06:03 PM
(This post was last modified: 20-10-2018, 05:26 AM by Lycan.)
Perhaps a "simpler" approach would work.
Since you pass login/password through the RDP session, maybe a "button" to fill in the "extra" fields, or map a keystroke to do so.
What I have to do with the keyboard is:
<Tab><Tab><fielddata><Enter>
Right now, I have a macro mapped for the value, but not everyone uses a gaming keyboard.
Posts: 11,205
Threads: 101
Joined: Aug 2006
Reputation:
205
I tried to implement - and it is working but only if the login dialog is displayed inside the rdp connection - I tested with some OS and the newer ones prompt me for user login outside the rdp session - I think there is an option on RDP server side that you can enable/disable - I will check if I can control through the rdp ActiveX control too - then it should be possible - I will let you know asap
Regards/Gruss
Oliver
Posts: 17
Threads: 1
Joined: Oct 2018
Reputation:
0
(30-10-2018, 11:15 AM)DevOma Wrote: I tried to implement - and it is working but only if the login dialog is displayed inside the rdp connection - I tested with some OS and the newer ones prompt me for user login outside the rdp session - I think there is an option on RDP server side that you can enable/disable - I will check if I can control through the rdp ActiveX control too - then it should be possible - I will let you know asap
Excellent. The login screen is being displayed, and prompting for login/password/3rd element.
My guess is that it won't prompt outside the rdp session since it requires the 3rd element to be manually entered.
Testing will tell.
Thanks for the update!
Posts: 11,205
Threads: 101
Joined: Aug 2006
Reputation:
205
It will be in the next patch - hopefully published in the next 2 weeks :-)
Regards/Gruss
Oliver
Posts: 11,205
Threads: 101
Joined: Aug 2006
Reputation:
205
I just want to explain you how it is implemented currently - I hope it fits your requirements
To send some keys to the RDP login I have to use a "SendKeys" function - this works like emulate a keystroke from your keyboard - and depending on which keyboard you have, on the language and so on it is not easy to send the right codes to the control - so we implement a "record key strokes" function that will translate your key strokes into some KeyCodes (that are needed) - and for some special characters like SHIFT, TAB, RETURN we have defined some static text (<SHIFT> <TAB> <RETURN>) - so you can't copy your text just into a text box you have to enter all characters manually and the necessary KeyCodes are generated for you.
So currently this value can be entered in a connection - RDP=>Logon/SendKeys category - you can use it with Inherit on more than one object but it is not related to the credential itself - just want to know if this will work for you - it is a special input that is related only to RDP login and I do not like to add a field for that in the credentials (if possible :-)) - just think about it or test it with the next patch
Regards/Gruss
Oliver
Posts: 17
Threads: 1
Joined: Oct 2018
Reputation:
0
(30-10-2018, 04:25 PM)DevOma Wrote: I just want to explain you how it is implemented currently - I hope it fits your requirements
To send some keys to the RDP login I have to use a "SendKeys" function - this works like emulate a keystroke from your keyboard - and depending on which keyboard you have, on the language and so on it is not easy to send the right codes to the control - so we implement a "record key strokes" function that will translate your key strokes into some KeyCodes (that are needed) - and for some special characters like SHIFT, TAB, RETURN we have defined some static text (<SHIFT> <TAB> <RETURN>) - so you can't copy your text just into a text box you have to enter all characters manually and the necessary KeyCodes are generated for you.
So currently this value can be entered in a connection - RDP=>Logon/SendKeys category - you can use it with Inherit on more than one object but it is not related to the credential itself - just want to know if this will work for you - it is a special input that is related only to RDP login and I do not like to add a field for that in the credentials (if possible :-)) - just think about it or test it with the next patch That sounds logical. Can't wait to try it out.
Thank you for all of your efforts in this!!
Posts: 2
Threads: 0
Joined: Nov 2018
Reputation:
0
I am looking to test this as well. We are in the same position. We have a modified credential provider that has a 3rd box (under password) were a static entry is typed for the MFA provider to know what account to use as we have these separate from the server login details.
The ability to send a static entry to a 3rd field would be a great feature.
Posts: 17
Threads: 1
Joined: Oct 2018
Reputation:
0
20-11-2018, 04:17 PM
(This post was last modified: 20-11-2018, 04:24 PM by Lycan.)
(14-11-2018, 05:52 PM)m4ppy Wrote: I am looking to test this as well. We are in the same position. We have a modified credential provider that has a 3rd box (under password) were a static entry is typed for the MFA provider to know what account to use as we have these separate from the server login details.
The ability to send a static entry to a 3rd field would be a great feature.
Just tried the new feature.
1st, after clicking "start recording keystrokes", I have to use the mouse to set focus to the capture box.
Then, if I hit the tab key, which I have to do twice, it just moves to the focus to the ok box, then cancel box.
I then tried the ^I (ctrl-i) in place of the tab key, to get ascii code 9, instead I get 17;73;17;73, which does not move the cursor from password field to 3rd field as it should.
I think we need a pause after the Use SendKeys 'Return' to accept logon message.
What I am seeing appears to be sending the custom keys before it finishes sending the 'Return' to change to the user/password/extra field screen.
I think we're close, but not quite there yet.
Posts: 11,205
Threads: 101
Joined: Aug 2006
Reputation:
205
Ok - the TAB you need to enter manually - <TAB>
Of course I can implement a pause - is it really necessary? Please try the manually entered <TAB> first :-)
Regards/Gruss
Oliver
Posts: 17
Threads: 1
Joined: Oct 2018
Reputation:
0
20-11-2018, 05:04 PM
(This post was last modified: 20-11-2018, 05:12 PM by Lycan.)
(20-11-2018, 04:24 PM)DevOma Wrote: Ok - the TAB you need to enter manually - <TAB>
Of course I can implement a pause - is it really necessary? Please try the manually entered <TAB> first :-)
<TAB>;<TAB>; does not appear to work.
I think a pause after the logon screen <Return> would be a good idea.
|