NimbostratusHorizon Client 2FA using APM
Hello!
We are setting up 2FA for external users, but not internal users.
I have set up the iApp for VMWare Horizon and we've been working fairly well. External access is through the F5 directly to a pair of VMWare connection servers. You can either log into the APM webtop the iApp creates, or with the Horizon Client. I have successfully set up Duo's 2 factor authentication for the Webtop for external access. This just uses RADIUS.
However, this does not cover the Horizon client access from the internet. When attempting the same configuration to the client (APM - AD View Client section), the client fails because it doesn't understand the request.
When configuring RADIUS on the horizon server directly it will prompt 2FA for both internal and external users. The connection server does not pass any IP information to a RADIUS server to be able to have the RADIUS proxy identify trusted networks.
I'm a bit at a loss here. Has anyone run into this? If so, how did you fix it?
