Secure Your RustDesk Server Pro with Authentik OAuth Integration

RustDesk Server Pro provides a robust, self-hosted solution for managing remote desktop connections, emphasizing security and efficiency. For organizations prioritizing control and advanced features like custom branding, RustDesk Server Pro delivers a scalable and dependable remote access platform. This guide details the process of enhancing its security by configuring RustDesk Server Pro to utilize authentik, a powerful open-source Identity Provider, as the OAuth provider for Web GUI login.

Preparation

Before starting the configuration process, ensure you have the following prerequisites in place. This guide uses placeholder domain names for clarity:

  • rustdesk.company: Represents the Fully Qualified Domain Name (FQDN) of your RustDesk Server Pro installation.
  • authentik.company: Denotes the FQDN of your authentik installation.

Important Note: This documentation focuses exclusively on the settings requiring modification from their default values. Altering settings beyond those explicitly mentioned in this guide may lead to issues with application accessibility. Adhere strictly to the outlined configurations to ensure seamless integration.

authentik Configuration

To begin, you need to establish an OAuth2/OpenID provider and application within authentik. Follow these steps to configure authentik for seamless integration with RustDesk Server Pro:

  1. Access Authentik Admin Interface: Log in to your authentik administrative interface using your credentials.
  2. Navigate to Applications: In the left-hand navigation menu, locate and click on Applications, then select Applications again to manage your applications.
  3. Create New Application and Provider: Utilize the application creation wizard to set up a new application and its corresponding provider. During this setup:
    • Record Credentials: Carefully note down the generated Client ID, Client Secret, and the slug value. These credentials will be essential for configuring RustDesk Server Pro.
    • Authorization Flow: Choose your preferred authentik authorization flow, with either implicit or explicit consent, based on your security requirements.
    • Set Redirect URI: Accurately configure the Redirect URI to https://rustdesk.company/api/oidc/callback. This URI is crucial for the authentication process to redirect users back to RustDesk Server Pro after successful authentication with authentik.
    • Signing Key: Select any available signing key; authentik signs the tokens it issues with this key.

RustDesk Server Pro Configuration

Once authentik is properly configured, integrate it with your RustDesk Server Pro installation by following these steps:

  1. Login to RustDesk Server Pro: Access your RustDesk Server Pro web interface using a web browser and your administrative credentials.
  2. Access OIDC Settings: In the left-hand menu, navigate to Settings and then select the OIDC option to configure OpenID Connect settings.
  3. Add New Authentication Provider: Click on the + New Auth Provider button to initiate the process of adding a new authentication source.
  4. Select Custom Auth Type: In the pop-up window, choose custom as the Auth Type from the dropdown menu and click OK to proceed with custom configuration.
  5. Configure Provider Details: Carefully input the following values, utilizing the information obtained from your authentik provider configuration:
    • Name: Assign a descriptive name to this provider, for example, authentik.
    • Client ID: Enter the Client ID that you copied from authentik during the application creation.
    • Client secret: Input the Client Secret obtained from authentik.
    • Issuer: Set the Issuer URL to https://authentik.company/application/o/slug/, replacing slug with the actual slug value from your authentik provider.
    • Authorization Endpoint: Configure the Authorization Endpoint to https://authentik.company/application/o/authorize/.
    • Token Endpoint: Set the Token Endpoint to https://authentik.company/application/o/token/.
    • Userinfo Endpoint: Configure the Userinfo Endpoint to https://authentik.company/application/o/userinfo/.
    • JWKS Endpoint: Set the JWKS Endpoint to https://authentik.company/application/o/slug/jwks/, ensuring you replace slug with your authentik slug value.
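
The five URLs above have to match what the provider advertises character for character; in particular, OpenID Connect compares the issuer as an exact string, so a missing trailing slash is a mismatch. The following check is an added example, not part of RustDesk or authentik: it compares the values typed into the form with the provider's discovery metadata, which OIDC Discovery places at the Issuer URL followed by .well-known/openid-configuration. The slug "rustdesk", the sample metadata and the function name are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Field in the RustDesk OIDC form -> key in the OIDC discovery document.
FIELD_TO_METADATA = {
    "Issuer": "issuer",
    "Authorization Endpoint": "authorization_endpoint",
    "Token Endpoint": "token_endpoint",
    "Userinfo Endpoint": "userinfo_endpoint",
    "JWKS Endpoint": "jwks_uri",
}

def check_oidc_config(configured, discovery):
    """Return a list of findings; an empty list means the form matches the IdP."""
    findings = []
    for field, key in FIELD_TO_METADATA.items():
        value = configured.get(field, "")
        expected = discovery.get(key)
        parts = urlsplit(value)
        if parts.scheme != "https" or not parts.netloc:
            findings.append(f"{field}: not an absolute https URL: {value!r}")
        if "/o/slug/" in value:
            findings.append(f"{field}: placeholder 'slug' was not replaced")
        if expected is None:
            findings.append(f"{field}: provider metadata has no {key!r}")
        elif value != expected:
            same = value.rstrip("/") == expected.rstrip("/")
            hint = " (trailing slash differs)" if same else ""
            findings.append(f"{field}: {value!r} != advertised {expected!r}{hint}")
    return findings

# Constructed sample: metadata for an assumed slug "rustdesk". In real use this
# dict is the JSON served at <Issuer>.well-known/openid-configuration.
BASE = "https://authentik.company/application/o/"
DISCOVERY = {
    "issuer": BASE + "rustdesk/",
    "authorization_endpoint": BASE + "authorize/",
    "token_endpoint": BASE + "token/",
    "userinfo_endpoint": BASE + "userinfo/",
    "jwks_uri": BASE + "rustdesk/jwks/",
}
GOOD = {field: DISCOVERY[key] for field, key in FIELD_TO_METADATA.items()}
# Constructed mistakes: issuer without trailing slash, JWKS URL still using "slug".
BAD = dict(GOOD, **{"Issuer": BASE + "rustdesk", "JWKS Endpoint": BASE + "slug/jwks/"})

if __name__ == "__main__":
    for line in check_oidc_config(BAD, DISCOVERY) or ["configuration matches"]:
        print(line)
```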

Important Information: User accounts are automatically created within RustDesk Server Pro upon their initial login via authentik. However, it’s crucial to note that administrative permissions must be manually assigned to these newly created users by a RustDesk Server Pro administrator after their first successful login.

Test the Login

To ensure the successful configuration of authentik with RustDesk Server Pro, perform the following test:

  • Open RustDesk Server Pro in Browser: Launch a web browser and navigate to https://rustdesk.company.
  • Initiate Authentik Login: Click on the “Continue with authentik” button, which should now be visible on the login page.
  • Redirection to Authentik: You should be automatically redirected to your authentik login portal, prompting you to authenticate using your authentik credentials. Complete the login process as configured in authentik.
  • Successful Redirection and Login: Upon successful authentication in authentik, you will be redirected back to https://rustdesk.company. Verify the successful setup by confirming that your username is displayed in the top right corner of the RustDesk Server Pro interface, indicating a successful login through authentik.
