Does anyone know if these things are possible to get working when your daily interaction is with a thin client?
My workstation sits in a rack in a server room, and where I work's current policy of 1.7 people to a desk means we all hot desk. Whatever thin client I sign into uses RDP to connect to my workstation. Is there enough UDP redirection support in RDP to make using these keys possible?
I am not sure. I'm assuming your thin clients have USB sockets and you can plug in generic USB keyboards, mice, etcetera. If you have to use a built-in keyboard + pointing device then you're almost certainly screwed.
The USB FIDO tokens are HID devices, but they deliberately don't specify what _sort_ of HID device they are. The idea is that this makes the client (browser) side easier as every major OS has some means for ordinary programs to talk to generic HID devices - to support graphics tablets and other odd things. So it's possible that a system generic enough to let you plug in any HID device (mouse, keyboard, trackball, stylus, whatever) to your thin client could work with FIDO.
Security Keys do seem like an attractive idea for a thin client environment if they work.
RDP does have "input redirection" but the problem is whether it's low level enough to redirect a HID protocol it doesn't understand. If RDP insists on thinking about keys pressed or movement of a pointer that's obviously no help for FIDO, but if it can just proxy the HID layer itself that's enough.
My workstation sits in a rack in a server room, and where I work's current policy of 1.7 people to a desk means we all hot desk. Whatever thin client I sign into uses RDP to connect to my workstation. Is there enough UDP redirection support in RDP to make using these keys possible?