domokos_23867
Nov 15, 2016

RDP over HTTPS with SAML and SSO

I wonder if anyone has configured something similar already. We will have RDP connections coming in as HTTPS (encapsulated). I found 2 ways of doing it in the documentation:

  1. LTM only where F5 treats it as HTTPS and does not look further
  2. LTM+APM where the F5 will extract the RDP session and send RDP connections to the back-end.

The extra requirement is that we use SAML to redirect the user to get a Kerberos ticket from an external IDP and allow access based on that token. I think this should work regardless of which solution I choose. The second requirement is however trickier and I cannot yet test it... The user was already prompted to authenticate on the Kerberos side and should not get a second prompt from the Windows RD server - SSO. We already have this setup for SharePoint, but there I have HTTPS in and out and no other protocol inside. So will it work with the 1st option given that F5 will not see the RDP traffic? I can pass the Kerberos ticket along as I do for SharePoint to get the SSO to work, but will the Windows server know to extract it from the HTTPS and use it? If I do the second option I send an RDP session plus the ticket, so I am closer to the SharePoint HTTPS scenario, so it probably will work. Any ideas?

Regards

Carol
