Forum Discussion
RSA then AD connection. How to autopopulate and keep the username ?
Hello,
I want to give access to our VDI platform through a F5 APM 11.4.1. (with view client and html5). All work fine but I want to make it easier for the user, and more secure.
So, I have 2 questions: 1- when view client connection, how to prevent the user to change the username (the RSA and AD ID are similar) ? I have put the Read-Only attribute in the logon page with no change. Perhaps in the view.inc ? but how ? 2- when browser connection, how to autopopulate the username and domain when the user clic on remote desktop ressource ?
thanks in advance.
Regards
Patrice
- Greg_Crosby_319Historic F5 Account
Have you tried using the iApp for View? It will create the access policy, supporting profiles, virtual servers, and pools, you are looking for with SecurID two factor with web browser logon support.
1 - There is not a way to retain and display the same user for both AD and RSA when using horizon client to connect.
2 - Passing the username, password, and domain into the remote desktop resource is done by selecting "autologon" in the desktop resource and using the default session variables. You will need to statically set session.logon.last.domain by using a variable assign policy item in your access policy. This needs to be placed before the advanced resource assign policy item.
Variable assign example: session.logon.last.domain = expr {"View_NetBIOS_Domain"}
- coquinpa_17436Nimbostratus
Hello Greg, Thank you for your help. I didn't use iApp. I will try to use this facility and check if that help me. I have tried your proposal about the variable assign in the browser policy branch. It works fine but that will be perfect if the domain would be auto-populate in the logon page (or don't ask to the user).
- Greg_Crosby_319Historic F5 Account
You can remove the domain field from your logon page since you are always setting the domain value in the variable assign policy item.
1- when view client connection, how to prevent the user to change the username (the RSA and AD ID are similar) ? I have put the Read-Only attribute in the logon page with no change. Perhaps in the view.inc ? but how ?
as mentioned you can't force it unchangeable, this is the view client behaviour which you don't control. you can ignore the first or second time the username is entered and only use one though.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com