F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

veato's avatar
veato
Icon for Nimbostratus rankNimbostratus
Sep 30, 2020

Access Policy for Remote Desktop with Azure MFA

I have an access policy for my remote desktop service which is relatively straighforward - logon page (user, password and 2FA token) > AD Auth > Vasco Auth > Resource Assign (Remote Desktop and Webto...
application delivery
Azure
BIG-IP Access Policy Manager (APM)
boneyard's avatar
boneyard
Icon for MVP rankMVP
Feb 27, 2021

no that is not possible as the SAML assertion wont contain the password. it can contain many things (i.e. sAMAccountName if known at the IdP (for Azure AD yes), the domain) but not the password.

 

a common case to solve SSO after SAML is to use Kerberos delegation, but that doesn't seem possible for RDP.

 

https://devcentral.f5.com/s/question/0D51T00006j4Kf0/kerberos-support-for-big-ip-rdp-gateway-for-rds-host

 

https://devcentral.f5.com/s/question/0D51T00007MzgEx/kerberos-auth-for-microsoft-remote-desktop-services-

 

Related Content