cancel
Showing results for 
Search instead for 
Did you mean: 
JRahm
Community Manager
Community Manager

In the first article in this series, I configured a full Webtop in APM with a static RDP host.  In this article, I’ll make some changes to the original configuration to allow users to specify an RDP host destination.

Modify the Access Policy

Immediately after the active directory authentication on the successful branch, click the “+” and add a logon page.

 

0151T000003d49tQAA.png

 

In the logon page configuration, change the name (optional) to RDP Hostname, set the field 1 post variable and session variable names to hostname, change the type for field two to none, then add some explanatory text to the Form Header Text field and specify Hostname in the text box for field 1. I also changed the Logon Button text to Continue instead of Logon since the logon has already occurred.

 

0151T000003d49uQAA.png

 Click save. Now the policy should look like the image in Figure 3.

0151T000003d49vQAA.png

 

Modify the RDP Resource

After closing the policy editor, I open the Remote Desktop (Access Policy->Application Access->Remote Desktops->Remote Desktops) and change the destination from the static resource I assigned in part 1 to the variable I created in the policy: %{session.logon.last.hostname}

0151T000003d49wQAA.png

Optional Customization

To provide a description on the button that includes the user configured RDP host name, go to Access Policy->Customization and select the configured Remote Desktop, select the Localization tab in the menu and configure the Caption and Detailed Descriptions.  Use the same session variable from above in the description field.

0151T000003d49xQAA.png

Make sure the caption is configured for each of the languages you support. I only changed the English one in this example.  Next, apply the policy.

0151T000003d49yQAA.png

Testing the Changes

Now that my changes are complete, I can test them. Same initial login screen as part 1:

0151T000003d49zQAA.png

Now I’m presented with the second logon page, this time asking for the host I'd like to connect to:

0151T000003d4A0QAI.png

Note the continue I modified in the policy instead of it being labeled Logon.  Now, My Webtop shows the Caption (RDP Connection) and the Description (ad01.devcen…) that I defined in the customizations in the policy.

0151T000003d4A1QAI.png

Finally, clicking on the button takes me to my desired resource:

0151T000003d4A2QAI.png

Conclusion

This solution extended the functionality in part 1 to allow for dynamic configuration of the RDP host destination for user access.  In part 3, I’ll explore an iRules option for providing session history as part of the solution.

 

 

Comments
Henning_2063
Nimbostratus
Nimbostratus
Excellent series!

 

 

Do you know if there is any use a session variable (similar to the hostname) to determine the port on the RDP resource ? (some people insist on setting their RDP servers up on non-standard ports)

 

 

Trying to use an extra field for the port and modifiying the RDP resource results in a database error.

 

 

Could this be done via iRule?

 

 

Is there a way to have a user click on a rdp on an existing webtop and then get prompted to change the destination host. like a way to redirect to a login page to make the change. I don't want users to enter a hostname before they get to the webtop. but only if they need to use the rdp connection.
SLGizmo_219768
Nimbostratus
Nimbostratus
Also, if using two factor authentication rather then domain the RDP session starts but it fails to pass through Creds and password.
Chris_Wentland
Nimbostratus
Nimbostratus

SLGizmo - If you do Two Factor Auth, be sure to capture the original login credentials. When you do two factor auth, the session.logon.last.password typically gets overwritten with the TFA passcode. Set up a step in your policy to set session.custom.last.username = session.logon.last.username after the login, but before the TFA. Do the same for password. When in your RDP profile under SSO, reference the session.custom.last.username and password.

 

Version history
Last update:
‎15-Sep-2011 10:00
Updated by:
Contributors