Forum Discussion

Nimbostratus

Sep 24, 2021

APM using Radius authentication with MFA breaks RDP/Citrix Single Sign-On

Interesting issue discovered (v14). We use Okta for MFA login on an APM policy. Our Okta allows for answering a security question (yes, not TRUE MFA, working to fix that policy), but this also appl...

APM

application delivery

jjarboe01

Nimbostratus

Sep 24, 2021

So, the answer here is actually simple. Right before the Radius authentication step, create a variable assign step, and set a variable called "session.original.last.password" to the value of the Session Variable "session.logon.last.password". Then, after the Radius step in the policy, do the reverse of this to reset the session.logon.last.password value from session.original.last.password. This way, you don't have to change every Citrix and RDP object in the policy to use another variable.

Forum Discussion

APM using Radius authentication with MFA breaks RDP/Citrix Single Sign-On

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Zero Trust building blocks - Leverage F5 NGINX Plus Single Sign-On (SSO) and F5 XC

APM Cookbook: Single Sign On (SSO) using Kerberos

Doing mTLS Authentication per URL

Distributed caching of authentication requests with NGINX Ingress Controller