
tiwang
Nov 10, 2014

2 factor authentication for MS RDP terminal service published through the F5

A long time ago I was involved in a project where we had to show how we could implement 2 factor authentication for Microsoft Terminal Server GW, published through the F5 on the internet. Here we went for the native MS RDP client using MS Terminal Server GW; this gives the best user experience. We also wanted to use RSA SecurID as the second factor for two factor auth. But we then faced a problem, since there wasn't anywhere in this client to enter the token code. We ended up misusing the TS GW password field for token input ;-) It worked, but this wasn't a solution that was usable for a production environment.


But how else could this be solved? We have to use the native MS Windows RDP client because it is a publicly offered service where we don't want to deploy "extra" software to clients around the world, and the native MS Windows RDP client gives the best user experience.


Any suggestions?


best regards /ti


3 Replies

  • kunjan

    Can't we create a 2 factor authentication action before the RDP resource access action? The logon page would capture both login credentials, AD and 2FA.


  • tiwang

    Well - that is also what I am considering myself right now - and afterwards launch an RDP client with the IP address of the TS GW - maybe assign an ACL with client IP and port. I'm just trying to build myself a lab right now with 11.3 to see if I can expect that I am able to launch an RDP client on the PC from the F5 with the correct addresses etc.


  • You are using a token-based auth, so probably 6 fixed characters? If so, you can always have the password concatenated together (XXXXXXYYYYYYYYY). You can then use the VPE to split the password field after the first 6 characters, and then pass the RSA token to RSA auth and the AD password to AD Auth.


    Seth
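The split Seth describes, written out as the Tcl expressions you would place in APM Visual Policy Editor items, as an added example that is not part of the thread. It assumes APM's `mcget` session-variable helper (with `-secure` for the password variable), the standard Tcl `string range` command inside the expression, and a policy laid out as Logon Page -> Variable Assign -> Branch Rule (length check) -> Variable Assign -> RSA SecurID -> Variable Assign -> AD Auth -> RDP resource. The variable name `session.custom.full` is an assumed name for this example.

```tcl
# Added example, not F5's own configuration. Each "expr" below is the body of
# one Variable Assign or Branch Rule item in the VPE; the comment above it
# names the target. The user has typed <6-char RSA token><AD password> into
# the single password field of the Logon Page.

# Variable Assign #1 (target: session.custom.full, type "secure", assumed name):
# keep a copy of the combined field before it is overwritten.
expr { [mcget -secure {session.logon.last.password}] }

# Branch Rule after Variable Assign #1: only continue if there is at least
# one character of AD password after the 6-character token; otherwise fall
# through to Deny so a too-short entry never reaches either auth server.
expr { [string length [mcget -secure {session.custom.full}]] > 6 }

# Variable Assign #2 (target: session.logon.last.password, type "secure"):
# first 6 characters become the password the RSA SecurID agent checks.
expr { [string range [mcget -secure {session.custom.full}] 0 5] }

# ... RSA SecurID Auth agent runs here, using session.logon.last.password ...

# Variable Assign #3 (target: session.logon.last.password, type "secure"):
# everything after the token becomes the password the AD Auth agent checks.
expr { [string range [mcget -secure {session.custom.full}] 6 end] }

# ... AD Auth agent runs here, then the RDP resource assignment ...
```

Mark every target variable as "secure" when you create the Variable Assign so the token and AD password are not written to the APM session log in clear text, and put the length Branch Rule before the first auth agent so a malformed entry is rejected locally rather than generating a failed-login event on RSA or AD.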