Forum Discussion

Nick_Weber_2564's avatar
Nick_Weber_2564
Icon for Nimbostratus rankNimbostratus
Jul 29, 2016

APM with for VMWare View with RSA auth.

So I'm trying to setup APM with VMWare View and RSA. I created SecureID View Client Logon and the user enters their email address and RSA key. Next I have the RS SecureID Auth configured but it looks like it's only passing the user name and not dot the full UPN, stripping off the domain name. RSA rejects the user since it does not have the full email address.

 

Thanks

 

10 Replies

  • I followed the "Deploying F5 with VMware View and Horizon View" guide when setting this up.

     

  • when you built this before a normal webtop does it work then? you are sure your RSA server requires the user@domain.ext variant?

     

    if you get the part before @ and not after you can just add that before it is send to the RSA auth. see the variable assign element and some examples:

     

    https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm_config_10_1_0/apm_config_advanced_policies.html

     

    • boneyard's avatar
      boneyard
      Icon for MVP rankMVP

      have you read my answer, Nick never answered but you might want to check the same.

       

      it just sending the username and not @... might mean an enabled "Split domain from full Username" in the login VPE.

       

    • Paul_Woothipoom's avatar
      Paul_Woothipoom
      Icon for Nimbostratus rankNimbostratus

      Thanks , I'll take a look at that split domain setting, hopefully I can find a way to add it, there is many different domains I have , when I read your comment above I was thinking that you were saying you'd hard code the domain so you could only have one which wouldn't work for me , but reading it again I think maybe you don't mean this

       

      RSA does need the domain as I customized it to be that way ( does not by default ) , as our logins for everything are full email address and it has to be this way for a number of boring reasons

       

    • boneyard's avatar
      boneyard
      Icon for MVP rankMVP

      if the user enters the email adres but you don't see it send to RSA then something on the F5 APM does this. that might be the "Split domain from full Username" in the logon VPE. in that case you can disable that option to check if it helps you.