Does the BIG-IP RDP Gateway Support Kerberos SSO?
Per the overview for configuring APM as a gateway for Microsoft RDP clients, it states "Only NTLM authentication is supported. This access policy should verify that NTLM authentication is successful and must assign an additional access policy to use for resource authorization throughout the session."
With that, within the F5 supported iApp () one option states "To use client NTLM authentication, you must correctly configure Kerberos delegation in the Active Directory domain where Remote Desktop users will be authenticated."
I'm confused as to what this even means. How is Kerberos delegation implemented if only NTLM is supported based on the "configuring APM as a gateway for Microsoft RDP clients" support page? Any clarification is much appreciated. I am trying to configure a full webtop with RDP session host resources and perform SSO for users who authenticated to the webtop using user certificates. I am currently testing with 13.0.