F5 BIG-IP APM – SSO for Terminal Services

F5 BIG-IP APM is a good alternative to the deprecated Juniper SSL VPN, which has been sold to Pulse Secure, because APM unifies SSL VPN services and the management of authentication and user accesses, integrating SSO Authentication and federation of identities services into the same solution. Therefore, F5 BIG-IP APM can be used for telecommuting as well as for Virtual Desktop Infrastructures (VDI) due to the fact that APM supports native VDIs such as Microsoft, VMWare and Citrix and also supports most authentication mechanisms (NTLM, Kerberos, SAML, digital certificates, tokens, OTPs, etc).

I made a video last week about Portal Access & Webtops and I would like to share a new video this week about Single Sign-On for Terminal Services. You will watch, it’s easy to configure SSO for Terminal Services but it’s a useful feature in most organizations for employees and partners who work from home, airport or wherever.

I think, it’s important to highlight that some extensions are needed when creating the SSL Certificate for the SSL Profile (Client) because the VDI Profile generates a cryptographic signature based on the attached client SSL Profile. However, if the SSL Certificate doesn’t have these extensions, there will be a message error when we connect to the Remote Desktop.

"The digital signature of this RDP File cannot be verified. The remote connection cannot be started".

 APM - User Defined RDP in version 13 - digital signature issue

I hope this video is useful for you. Regards my friends! Keep learning!


  1. Hi in this solution i can see you have created the same user account of RDP computer in to F5 and logged on and it worked. IN my case i have AD users but RDP computer is not part of the domain so i want map som sort of service account of the RDP server

    AD user (smith) -logon through F5, after that i want to map smith = SRVACCOUNT (RDP server)
    so when ever smith logson when he click the RDP server icon he can able to logon with SRVACCOUNT which we created on RDP server

    is there any way to map in F5 APM. please let us know

  2. "-extensions some_ext -extfile ssl_ext" doesnt works with the BIGIP Version 16.x, it says '-extfile' not found.


Enregistrer un commentaire