Microsoft Remote Desktop Services & OpenOTP

How To Configure MS Remote Desktop Services with OpenOTP


The OpenOTP plugin for Remote Desktop Services works on Windows Server 2012 & 2016.

If you have an older version, you have to update your RDS infrastructure.

1. Remote Desktop Services Infrastructure

In this post, we assume that an existing Remote Desktop Services infrastructure is installed and available. This post does not cover how to set up RDS. Please refer to the Microsoft documentation and/or the TechNet blog (Microsoft | TechNet) for details about how to install and configure it.

2. WebADM/OpenOTP

For this recipe, you need WebADM/OpenOTP installed and configured. Please refer to the WebADM Installation Guide and the WebADM Manual to do so.

3. Installation of OpenOTP Plugin for RDS

The OpenOTP plugin for Microsoft RDS has to be installed on every RDWeb server you have. Download the plugin from the RCDevs website at the following link: OpenOTP Plugin for RDWeb Gateway.

Extract files from the archive on your RDS server(s), run the MSI file and click on Next.

Accept the End-User License Agreement and click on Next.

On the next page, choose your default folder location and click on Next.

On this page, you have to configure the OpenOTP SOAP URL(s). Your WebADM SOAP endpoint should be: https://your-web-adm-ip-address-or-dns-name:8443/openotp/. You can also configure a message for the end-user login page. Click on Next.

On the next page, all settings are optional. If you’d like to use a client certificate for enhanced security, use this screen to provide the details. Clicking on the question marks (?) provides additional help during the installation procedure.

On the next page, you can configure a custom message when users need assistance. For example:

The next page allows you to configure failover with OpenOTP, the SOAP request timeout and the UPN Mode. Keep the default configuration if you are not sure what you need. Click on Next and Install.

Installation is complete. Click on Finish.

Plugin installation

Repeat this procedure on every RDWeb server!
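
Before entering the SOAP URL(s) in the installer, you can confirm from each RDWeb server that port 8443 on WebADM is reachable and that its TLS certificate is trusted by the Windows certificate store and not close to expiry. The PowerShell script below is an added example, not part of the RCDevs plugin; the host names are placeholders and `Test-OpenOtpEndpoint` is a hypothetical helper name.

```powershell
# Added example: pre-flight check of the OpenOTP SOAP URL(s) from an RDWeb server.
# Host names are placeholders; Test-OpenOtpEndpoint is a hypothetical helper name.
$SoapUrls = @(
    'https://webadm1.example.com:8443/openotp/',
    'https://webadm2.example.com:8443/openotp/'   # second URL if you configure failover
)

function Test-OpenOtpEndpoint {
    param([Parameter(Mandatory)][uri]$Url, [int]$TimeoutMs = 5000)

    $r = [ordered]@{ Url = $Url.AbsoluteUri; TcpOpen = $false; TlsTrusted = $false
                     Subject = $null; NotAfter = $null; Detail = $null }
    $client = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        # 1. TCP reachability of the SOAP port, with an explicit timeout.
        if (-not $client.ConnectAsync($Url.Host, $Url.Port).Wait($TimeoutMs)) {
            throw "TCP connect to $($Url.Host):$($Url.Port) timed out"
        }
        $r.TcpOpen = $true

        # 2. TLS handshake with default validation against the Windows trust store.
        #    An untrusted chain or a name mismatch throws and is reported in Detail.
        #    TLS 1.2 is requested explicitly (assumption about the server).
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($Url.Host, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $r.TlsTrusted = $true

        # 3. Certificate details, with a warning when expiry is near.
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(
            $ssl.RemoteCertificate)
        $r.Subject  = $cert.Subject
        $r.NotAfter = $cert.NotAfter
        if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
            $r.Detail = 'certificate expires within 30 days'
        }
    } catch {
        $r.Detail = $_.Exception.GetBaseException().Message
    } finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Close()
    }
    [pscustomobject]$r
}

$SoapUrls | ForEach-Object { Test-OpenOtpEndpoint -Url $_ } | Format-Table -AutoSize
```

A row with `TcpOpen` true and `TlsTrusted` false usually means the WebADM certificate's issuing CA is not in the server's trusted root store or the host name in the URL does not match the certificate; the `Detail` column carries the underlying error.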

You are now able to log in to your RDWeb server with OpenOTP. Go to your RDWeb page and enter your credentials:

WebADM authentication policy

Here, WebADM is configured with the LDAP + OTP authentication policy, but the LDAP credentials are checked by Windows, not by WebADM/OpenOTP. In any case, OpenOTP will only check the OTP password.

Enter your OTP password on the next screen and click on Submit.

You are now logged on:

That’s it for RDWeb.

RDP Application & OpenOTP

If you have remote applications accessible through RDP and you want to secure access to these applications with OpenOTP, you have to install the OpenOTP Plugin for Windows Login.