I have a working Citrix iapp solution, APM is standard. I need to add 2 Factor authentication for Citrix and for OWA. Owa is easy enough the duo implementation steps here work just fine. These steps make it easy for OWA: https://devcentral.f5.com/articles/integrating-duo-security-with-f5-big-ip-access-policy-manager
But APM with citrix is different, especially using the iapp which breaks the citrix receiver and web access into different branches. Starting with the Web branch, I replaced the iapp/APM AD Auth with the DUO-Radius authentication. I can login successfully but the citrix page will loop with the error cannot connect to server.
I'm sure my issue is in adding the duo-radius auth piece. The default radius branch rule expression is Successful:Radius has passed. I believe I need an expression that AD Authentication will accept and also pass on the credentials/authentication.