Forum Discussion

eran's avatar
eran
Icon for Altostratus rankAltostratus
Mar 02, 2023

RADIUS AUTH (DUO) from VMware view client

Hi,

i have a vdi setup from my apm and it work fine from regular web logon page.

my issue is when i try to set up an additional login method from the vmware view client itself.

i get the first step wich is the AD login but then when i try to get a radius challege it  wont show the regular three options of push call ... but shows :

insted of 

i tried to enter a 6 digit number generated from my duo mobile app but it wont works.

here is my  VPE

again the issue only occures from the client itself , ive followed duo guide https://duo.com/docs/f5bigip 

suggestions any one? 

 

4 Replies

  • Hey eran 

    I think i might be able to reach out to someone in the backend engineering on this one, but wanted to clarify a couple of questions

    1) you mention that the webtop version works correctly, i would assume you also followed the doc you listed that modified the Webtop configuration to allow it to work?  (adding duo script to the header.inc and the logon.inc however nothing was added to the view.inc file).

    2) I assume the Macro is the same macro used in the browser and horizon client but the horizon client fails. 

    I have a feeling i know whats going on, but just those bits of clarity will help me ask the backend engineers.. 

    • Leslie_Hubertus's avatar
      Leslie_Hubertus
      Ret. Employee

      Hi eran - are you still experiencing the issue? If so, can you please reply to Matt so he can help? If not, can you please let us know what your resolution ended up being?

    • eran's avatar
      eran
      Icon for Altostratus rankAltostratus

      Hey matt

      sorry for the (very..) late reply.

      We are in the process of changing the 2FA to OAuth with Duo. Everything works fine through Webtop.

      However, when we tried to see how it works directly through the VMware Horizon client, we are "stuck" at the connecting stage and are not being redirected or prompted for a Duo challenge.

      My only question is: Is it even possible to prompt a Duo challenge when connecting directly?

      I have followed this article https://community.f5.com/kb/technicalarticles/apm-configuration-to-support-duo-mfa-using-irule/283971

       

       

  • Hi eran - I see that nobody has answered you yet, so I'm featuring your post in this week's Weekly Highlights article to boost visibility, and also asking a colleague to take a look.