We have not validated whether it is possible to implement TAS3 architecture using desktop login approach. We recommend using one-time-passwords and the Authentication Service Protocol [SOAPAuthn2] to validate the authentication centrally using an IdP.
Terminal servers: Mind-The-Box, Citrix, Windows TS, etc.
Active Directory PDC
A backup plan would be to capture the authentication at LDAP or Active Directory level and make the Authentication Service call from this middleware.
The Desktop login approach suffers from similar security problems as the Fat Client Login, which see below.