F5 BIG-IP APM – SSO for Terminal Services
F5 BIG-IP APM is a good alternative to the deprecated Juniper SSL VPN, which has been sold to Pulse Secure, because APM unifies SSL VPN services and the management of authentication and user accesses, integrating SSO Authentication and federation of identities services into the same solution. Therefore, F5 BIG-IP APM can be used for telecommuting as well as for Virtual Desktop Infrastructures (VDI) due to the fact that APM supports native VDIs such as Microsoft, VMWare and Citrix and also supports most authentication mechanisms (NTLM, Kerberos, SAML, digital certificates, tokens, OTPs, etc).
I made a video last week about Portal Access & Webtops and I would like to share a new video this week about Single Sign-On for Terminal Services. You will watch, it’s easy to configure SSO for Terminal Services but it’s a useful feature in most organizations for employees and partners who work from home, airport or wherever.
I think, it’s important to highlight that some extensions are needed when creating the SSL Certificate for the SSL Profile (Client) because the VDI Profile generates a cryptographic signature based on the attached client SSL Profile. However, if the SSL Certificate doesn’t have these extensions, there will be a message error when we connect to the Remote Desktop.
"The digital signature of this RDP File cannot be verified. The remote connection cannot be started".
|APM - User Defined RDP in version 13 - digital signature issue|
I hope this video is useful for you. Regards my friends! Keep learning!