phl110_191286
May 21, 2015

VMware View APM Login Page RADIUS

We have an external RADIUS server that authenticates a user by having them enter UserId and LDAP Password + 6-digit OTP that we would like to leverage with VMware View being proxied behind F5. In the APM Access Policy, the built-in VMware View Logon page has a RADIUS option. We are able to successfully configure RADIUS auth following a guide that we found here.

https://blog.shiplett.org/wikid-systems-two-factor-auth-with-f5-apm-and-vmware-horizon-with-view/

However, since our RADIUS has the user's LDAP password in the RADIUS passcode, we'd like to just have the user authenticate once instead of having to authenticate against RADIUS and then authenticate against LDAP like the blog describes. Has anyone ever accomplished this before? My initial thought process was to get the UserID and Passcode (user's AD password + 6-digit OTP) from the RADIUS logon and store them as variables. Then after RADIUS auth, take those variables, strip out the last 6 digits of the Passcode and then send them into View/LDAP. This way the user only has to authenticate against RADIUS and they are auto signed into View. However, I can't seem to find any documentation on whether or not that's possible within VPE. I did find some iRules where string trim was referenced, but all of those are searching for a specific character match. I would just like to automatically strip off the last 6 characters of the RADIUS passcode so that it could be re-used as the password for logging the user into View.

Any suggestions would be appreciated.