Select the Identity Provider and click “Download SAML service Provider metadata” Select “SAML and Paththrough” for “Use Case #1″or “SAML” for “Use Case #2” Now move to General Settings \ Horizon Settings : Select the FederationMetadata.xml file and click save (no need to specify EntityID, it will be filled automaticaly from the xml file Then connect to the UAG and move to Identity Bridging Settings \ Upload Identity Provider Metadata, click the wheel: Ok the first thing is to change the expiration delay of the SP SAML certificat of your Horizon Connection Servers and wait a maximum of 24h do get the new one generated (I personaly set mine to 10 years):Īnd the second thing is to get the FederationMetada.xml so, you should be able to get it by connecting to just check on the AD FS Management: AD FS Management That said, let see with some nice pictures how we do that : Let’s start with Use Case #1 Once authenticated to ADFS, the list of available resource appears, and you can login without any other cred.Using vdmUtil, enable both authenticator.
Now if we want to go further and implement ADFS with TrueSSO: Configure UAG for SAML or SAML and Passthrough auth methods.Import FederationMetadata.xml in UAG (Upload Identity Provider Metadata).Connect to and save the FederationMetadata.xml file.Configure Edge Service and specify a Connection Server fqdn (not the load-balancer).Change Expiration Period for Service Provider Metadata.Initial configuration is the same for both and to make it short here the different steps required:
This use case of course required VMware TrueSSO to works
0 kommentar(er)
