Forum Discussion
RDP over HTTPS with SAML and SSO
I wonder if anyone configured something similar already. We will have RDP connections coming in as HTTPS (encapsulated). I found 2 ways of doing it in the documentation:
- LTM only where F5 treats it as HTTPS and does not look further
- LTM+APM where the F5 will extract the RDP session and send RDP connections to the back-end.
The extra requirement is that we use SAML to redirect the user to get a Kerberos ticket from an external IDP and allow access based on that token. I think this should work regardless of which solution I choose. The second requirement is however trickier and I cannot yet test it... The user was already prompted to authenticate on the Kerberos side and should not get a second prompt from the Windows RD server - SSO. We already have this set up for SharePoint, but there I have HTTPS in and out and no other protocol inside. So will it work with the 1st option given that F5 will not see the RDP traffic? I can pass the Kerberos ticket along as I do for SharePoint to get the SSO to work, but will the Windows server know to extract it from the HTTPS and use it? If I do the second option I send an RDP session plus the ticket, so I am closer to the SharePoint HTTPS scenario, so it will probably work. Any ideas?
Regards
Carol
