APM webtop to Citrix - prefilling userid, domain for Citrix logon dialog
Env: Big-IP 4200v running 11.5.2 plain, APM fully licensed
Context: APM webtop with Citrix Remote Desktop icon, accessing F5 pool of Citrix XML brokers, replacing Storefront; users login to APM via RSA credentials against RADIUS server, no user login to AD (but userid is the same); Citrix client type is new-ish Receiver (12.3), Citrix XenApp version is 7.1
In the described environment, the user logs in to APM by providing userid and RSA PIN/value, which are validated via RADIUS servers. We do not AD-authenticate as part of the APM login, because our F5s involved are in our DMZ, and we don't want them interacting with AD directly - and so we can't turn on "Auto Logon" in the Citrix desktop object, and can't insert an SSO Credential Mapping object (can i?). The user gets to a webtop, and and then clicks on the Citrix remote desktop icon, they are prompted for their AD userid, password and domain, with an F5 generated dialog that will in turn provide the credentials to the XML brokers. In this flow, we would like to pre-fill the userid from what they entered as part of their RADIUS login, and their domain from a hard-coded value.
I inserted into the policy an Assignment object, I manually set session.logon.last.domain to our desired domain string, but the Citrix logon dialog did not pick it up. And I can't figure out how to insert the username from the session variable that holds it.
Is what I'm attempting possible? Do I in fact need to insert an SSO Credential Mapping, even though we are just pre-filling variables, not actually doing SSO?