
APM using Radius authentication with MFA breaks RDP/Citrix Single Sign-On

jjarboe01
Nimbostratus

Interesting issue discovered (v14). We use Okta for MFA login on an APM policy. Our Okta allows for answering a security question (yes, not TRUE MFA, working to fix that policy), but this also applies if you use a 6-digit code. F5 is overwriting the session.logon.last.password variable with the last input on the Radius step, thus breaking the single sign-on to RDP and Citrix.

1 REPLY

jjarboe01
Nimbostratus

So, the answer here is actually simple. Right before the Radius authentication step, create a variable assign step, and set a variable called "session.original.last.password" to the value of the Session Variable "session.logon.last.password". Then, after the Radius step in the policy, do the reverse of this to reset the session.logon.last.password value from session.original.last.password. This way, you don't have to change every Citrix and RDP object in the policy to use another variable.
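The save-and-restore described in the reply above, written out as the two Variable Assign entries (an added example, not part of the original post). It assumes the password is held as a secure session variable, so it is read with `mcget -secure` and the Secure option is set on each assignment; `return` is used instead of `expr` so that an all-numeric password is not reinterpreted as a number.

```tcl
# Variable Assign item placed immediately BEFORE the RADIUS Auth item.
# Custom Variable (Secure): session.original.last.password
# Custom Expression:
return [mcget -secure {session.logon.last.password}]

# Variable Assign item placed immediately AFTER the RADIUS Auth item.
# Custom Variable (Secure): session.logon.last.password
# Custom Expression:
return [mcget -secure {session.original.last.password}]
```

Leaving either assignment non-secure stores the directory password in clear text in the session, where it can show up in session variable reports.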