For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

jeffs_44448's avatar
jeffs_44448
Icon for Nimbostratus rankNimbostratus
Mar 23, 2016

APM With VMware View Login

I am setting up an access policy that will allow for authentication into our VDI environment. The access policy is laid out as follows:

 

Client Type(VMware View) -> VMware View Logon Page(Radius, Input Field 2=RA_Password) -> RADIUS Auth -> VMware View Logon Page(Windows Password, Input Field 2=AD_Password) -> AD Auth -> etc...

 

Logging into the Horizon client I get prompted for my Radius authentication (PIN+OTP), get a bad user name and password error, then get prompted for my AD log on information. Once I authenticate to AD, my resource is assigned correctly.

 

The logs on the Radius server show a successful logon. The badPassword count for my AD account goes up by 1 after Radius authentication occurs and is cleared after a successful AD logon. It appears Radius is trying to pass the password over to AD, even though I have them set as different inputs. It's like single sign is being attempted, but I don't know how APM is being told to do so.

 

Any insight into why this occurs and/or any tricks to get around it would be great.

 

application delivery
BIG-IP Access Policy Manager (APM)

1 Reply

  • Hamish's avatar
    Hamish
    Icon for Cirrocumulus rankCirrocumulus
    Mar 24, 2016

    Ahh... I wonder if the second VMWare View login page will be bypassed because you have a valid session that's already authenticated. Not sure how you chain VMWare View logins... I've always set it up as a webtop and used the browser login page with multiple password fields to chain the auth.