Forum Discussion

Cirrocumulus

Jun 24, 2024

HTML5 support for RDP

I there any support for HTML5 for RDP connnections behind F5 without using a client? Or even possible with a client? The use case is to have a webtop with a link to establish an RDP connection bu...

application delivery

Lucas_Thompson

Employee

Jun 24, 2024

As far as I know, we haven't officially evaluated Microsoft's new native HTML5 RDP client. It's likely possible to make it work with APM, but some protocol (auth, SSO, etc) and security reviews are needed:

https://learn.microsoft.com/en-us/answers/questions/1275851/rdweb-and-html5-client

Marvin

Cirrocumulus

Jun 27, 2024

It is registered (Bug ID 578545) [RFE] Support RDP HTML5 client on APM Webtop no ETA yet however by implementing this you would also solve this bug Bug ID 969097: Native RDP Route Domain and SNAT Selection not applying SNAT settings

https://cdn.f5.com/product/bugtracker/ID969097.html

The use case is very simple an easy to use web based RDP access and based on the role defined in access profile assign the correct SNAT IP address. Please have this implemented.

Lucas_Thompson
Employee
Jun 27, 2024
Thanks for the additional detail. 969097 is difficult from an architecture standpoint. That 578545 issue was a request to evaluate 3rd party HTML5 clients like Guacamole and Hobsoft, but since Microsoft now have a native HTML webclient it's probably best to focus on theirs.

After looking at it for a while, it seems like the only L4-ish solution (because of 969097) is to use a data group to hold a list of SNAT selectors and an irule (or maybe an LTM policy), and probably an extra vip, which is a way overload of extra configuration.

An L7 solution *that does support SSO* might be to use SAML IDP-chaining with Azure or a local SAML SSO chained from whatever you currently logon with in the same way that CyberArk (no affiliation) provides a nice configuration guide on here:

https://docs.cyberark.com/identity/latest/en/Content/Applications/certified-apps/RDWeb_SSO.htm

NOTE: I just stumbled on that from a google search for something like "webclient html5 microsoft saml" and have not tested it at all. They do have an impressive number of nice generic-SAML-ish integration articles!

BIG-IP APM does support these SAML-SSO-intercept and IdP-Chaining use cases that should allow you to both behave as and offer SSO for your users.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

HTML5 support for RDP

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

GRPC through F5 Virtual Server [RST_STREAM with error code: INTERNAL_ERROR]

[ASM] - How to disable the SQL injection attack signatures

[ASM] : SQL-INJ "end-quote UNION" - How to allow this signature to specific url/uri/parameter only

Changes to DO and AS3 GitHub - no longer monitored

[ASM] : "Request length exceeds defined buffer size " - How to increase the limit ?

Related Content

Pool Member Status HTML5 Page

Support and Help for DevCentral and Offline Contact

APM Configuration to Support Duo MFA using iRule

Securing Applications using mTLS Supported by F5 Distributed Cloud

Contacting F5 Support

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS