
[Bug] - Proxy auth token generated was longer than 400 bytes 407 unable to store in RDP config file

Open nmbgeek opened this issue 1 year ago • 2 comments

Describe the bug
When some users try to use the RDP Native Client they receive an error that the file could not be generated. In the log I receive an error that "Proxy auth token generated was longer than 400 bytes XXX unable to store in RDP config file" where XXX is a number slightly larger than 400. Not all users are experiencing this.

To Reproduce
Steps to reproduce the behavior: Set up Kasm with LDAP Authentication, Windows RDP server with SSO pass through.

Expected behavior
Successful RDP connection.

Workspaces Version
Version 1.16.1

Workspaces Installation Method
Single Server

Client Browser (please complete the following information):

  • OS: Windows 11
  • Browser: Chrome, Edge, etc.
  • Version 132.x

Workspace Server Information (please provide the output of the following commands):

  • uname -a: Linux ubuntu 5.15.0-130-generic #140-Ubuntu SMP Wed Dec 18 17:59:53 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
  • cat /etc/os-release:
PRETTY_NAME="Ubuntu 22.04.5 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.5 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
  • sudo docker info:
Client:
 Version:    24.0.7
 Context:    default
 Debug Mode: false
 Plugins:
  compose: Docker Compose (Docker Inc.)
    Version:  v2.5.0
    Path:     /usr/local/lib/docker/cli-plugins/docker-compose

Server:
 Containers: 30
  Running: 11
  Paused: 0
  Stopped: 19
 Images: 42
 Server Version: 24.0.7
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan kasmweb/sidecar:1.1 macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version:
 runc version:
 init version:
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 5.15.0-130-generic
 Operating System: Ubuntu 22.04.5 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 20
 Total Memory: 31.32GiB
 Name: ubuntu
 ID: 202eed71-4e83-4f60-83a4-9ed3dd0e2b2b
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
  • sudo docker ps | grep kasm:
537c78def5d8   kasmweb/proxy:1.16.1               "/docker-entrypoint.…"   21 hours ago    Up About an hour             80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp   kasm_proxy
19d04c2204e2   kasmweb/rdp-https-gateway:1.16.1   "/opt/rdpgw/rdpgw"       23 hours ago    Up About an hour (healthy)                                                   kasm_rdp_https_gateway
c5d558ba8c5d   kasmweb/share:1.16.1               "/bin/sh -c '/usr/bi…"   23 hours ago    Up About an hour (healthy)   8182/tcp                                        kasm_share
11f874bc05e8   kasmweb/rdp-gateway:1.16.1         "/start.sh"              23 hours ago    Up About an hour (healthy)   0.0.0.0:3389->3389/tcp, :::3389->3389/tcp       kasm_rdp_gateway
8a55ab989322   kasmweb/api:1.16.1                 "/bin/sh -c '/usr/bi…"   23 hours ago    Up About an hour (healthy)   8080/tcp                                        kasm_api
5d6bb9dfcc82   redis:5-alpine                     "docker-entrypoint.s…"   23 hours ago    Up About an hour             6379/tcp                                        kasm_redis
de3cdf938a78   postgres:14-alpine                 "docker-entrypoint.s…"   23 hours ago    Up About an hour (healthy)   5432/tcp                                        kasm_db
de4759b6257c   kasmweb/agent:1.16.1               "/bin/sh -c '/usr/bi…"   37 hours ago    Up About an hour (healthy)   4444/tcp                                        kasm_agent
b5b0f9c2a0fa   kasmweb/manager:1.16.1             "/usr/bin/startup.sh…"   37 hours ago    Up About an hour (healthy)   8181/tcp                                        kasm_manager
2ad487c8ef0d   kasmweb/kasm-guac:1.16.1           "/dockerentrypoint.sh"   37 hours ago    Up About an hour (healthy)                                                   kasm_guac

Additional context
This is a fresh 1.16.1 install. I have updated the RDP file signing certificate and key along with the Kasm certificates with those from a trusted CA to prevent warnings in the RDP file. As noted, for some users the RDP client file works great, but others receive a generic error with the above error logged in Kasm.

nmbgeek, Jan 19 '25 01:01

Hello @nmbgeek, I've taken a look at this. We have to limit the size of our JWT tokens based on what the specification and the individual clients allow us to use. I have tested a larger limit value that I believe should address the issue you are seeing, and I am working on a path for the upcoming 1.17.0 release as well as the 1.16.1-rolling release. I will reply back here with update instructions once it is tested and released.

rickkoliser, Jan 22 '25 20:01
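Added example, not from the issue thread or from Kasm's code: a sketch of how a signed JWT's compact length depends on the bytes of its per-user fields, checked against the 400-byte figure from the logged error. The HS256 choice, claim names, key, host name and sample user names are all assumptions made for illustration; the contents of Kasm's actual token are not shown on this page.

```python
import base64
import hashlib
import hmac
import json

LIMIT_BYTES = 400  # figure quoted in the logged error message
HEADER = {"alg": "HS256", "typ": "JWT"}  # assumed algorithm, for illustration


def encode_json(obj) -> bytes:
    # Compact JSON, UTF-8: non-ASCII characters cost more than one byte each.
    return json.dumps(obj, separators=(",", ":"), ensure_ascii=False).encode("utf-8")


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_len(n: int) -> int:
    # Length of unpadded base64url for n input bytes: ceil(4n / 3).
    return (4 * n + 2) // 3


def claims_for(username: str) -> dict:
    # Hypothetical claim set; every value except the username is constructed.
    return {"sub": username,
            "session_id": "0f8fad5b-d9cb-469f-a165-70867728950e",
            "host": "rdp01.example.internal",
            "iat": 1737248460, "exp": 1737252060}


def make_jwt(claims: dict, key: bytes) -> str:
    signing_input = b64url(encode_json(HEADER)) + "." + b64url(encode_json(claims))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def predicted_len(claims: dict) -> int:
    # header + "." + payload + "." + 32-byte HMAC-SHA256 signature
    return (b64url_len(len(encode_json(HEADER))) + 1
            + b64url_len(len(encode_json(claims))) + 1 + b64url_len(32))


def check_users(usernames, key: bytes = b"constructed-demo-key") -> dict:
    # Map each user name to (token length, fits within LIMIT_BYTES).
    out = {}
    for name in usernames:
        n = len(make_jwt(claims_for(name), key))
        out[name] = (n, n <= LIMIT_BYTES)
    return out


if __name__ == "__main__":
    for user, (size, ok) in check_users(["jdoe", "e" * 80, "é" * 80]).items():
        print(f"{len(user):3d} chars  {size:4d} bytes  {'ok' if ok else 'over limit'}")
```

Every byte added to a claim grows the token by about 4/3 bytes, so under these assumptions two accounts on the same deployment can land on opposite sides of a fixed limit.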

Hello @nmbgeek, I wanted to let you know that a fix with a larger length limit for the field has been added to our developer preview and backported to 1.16.1 if you are using the 1.16.1-rolling tags for the Kasm service containers. See https://kasmweb.atlassian.net/wiki/x/EwCN for how to migrate your Kasm deployment to 1.16.1-rolling service containers.

rickkoliser, Feb 14 '25 15:02