Product Ideas Portal

Neither SSH nor RDP have any way to support SAML, it's a web SSO technology. There is no way for an SSH or RDP client to access any existing SAML authentication token (as it will be in your browser) and RDP/SSH does not provide any mechanism to pass the token onto the target. Using a tool like Guacamole to provide an HTTP5-based SSH/RDP mechanism within the existing UI would benefit from the existing SAML support but doesn't answer the specific idea here.

I assume that this would be impossible with a normal thick client RDP/SSH session as those clients don't have the means to handle the SAML request/response flow and necessary session cookies requires by SAML.

Are there any clients (RDP or SSH) that support SAML authentication and act as connection brokers/aggregators?

An HTML5 based RDP/SSH client might make this possible. Through something like Apache Guacamole, you could enable users to bookmark the "direct connect" sessions. The browser would handle the SAML auth. It would also eliminate the need for anything other than a browser on the client...

Requested for integrations with TAP vendors by the Alliances team

Agree - this would be a valuable capability and would simplify the setup as we would not need to set up RADIUS+MFA in BI but could rely on the settings in our SAML IdP (Okta, ADFS, OneLogin, etc.)

DirectConnect is a great feature which breaks when SAML is implemented. Please enhance the SAML implementation to include SP initiated SAML and then the authentication request could be redirected to the IDP for authentication.

Agree that this would be a valuable option in a future release as our staff use the Direct Connect option regularly. Would appreciate a quick turnaround on this one if possible.