Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

APM using Radius authentication with MFA breaks RDP/Citrix Single Sign-On

jjarboe01
Nimbostratus
Nimbostratus

Interesting issue discovered (v14). We use Okta for MFA login on an APM policy. Our Okta allows for answering a security question (yes, not TRUE MFA, working to fix that policy), but this also applies if you use a 6 digit code. F5 is overwriting the session.logon.last.password variable with the last input on the Radius step, thus breaking the single-signon to RDP and Citrix.

1 REPLY 1

jjarboe01
Nimbostratus
Nimbostratus

So, the answer here is actually simple. Right before the Radius authentication step, create a variable assign step, and set a variable called "session.original.last.password" to the value of the Session Variable "session.logon.last.password". Then, after the Radius step in the policy, do the reverse of this to reset the session.logon.last.password value from session.original.last.password. This way, you don't have to change every Citrix and RDP object in the policy to use another variable.