7.0
Table Of Contents
- Deploying and Configuring Access Point
- Contents
- Deploying and Configuring Access Point
- Introduction to Access Point
- System Requirements and Deployment
- Configuring Access Point
- Collecting Logs from the Access Point Appliance
- Setting Up Smart Card Authentication
- Setting Up Two-Factor Authentication
- Index
Setting Up Smart Card Authentication 5
By default, Access Point uses pass-through authentication, so that users enter their Active Directory
credentials, and these credentials are sent through to a back-end system for authentication. You can,
however, configure the Access Point appliance to perform smart card authentication.
With smart card authentication, a user or administrator inserts a smart card into a smart card reader
attached to the client computer and enters a PIN. Smart card authentication provides two-factor
authentication by verifying both what the person has (the smart card) and what the person knows (the PIN).
End users can use smart cards for logging in to a remote View desktop operating system and also for smart-
card enabled applications, such as an email application that uses the certificate for signing emails to prove
the identity of the sender.
With this feature, smart card certificate authentication is performed against Access Point, and Access Point
communicates information about the end user's X.509 certificate and the smart card PIN to the Horizon
server by using a SAML assertion.
You can also set up authentication so that Access Point requires smart card authentication but then
authentication is also passed through to the Horizon server, which might require Active Directory
authentication. To configure this type of chained authentication, see the authMethods property, described
in “Configuration Settings for Edge Services,” on page 34.
NOTE For VMware Identity Manager, authentication is always only passed through Access Point to
VMware Identity Manager. You can configure smart card authentication to be performed on the Access
Point appliance only if Access Point is being used with Horizon 6 or Horizon 7.
This chapter includes the following topics:
n
“Generate Access Point SAML Metadata,” on page 50
n
“Creating a SAML Authenticator for View Connection Server,” on page 51
n
“Copy Service Provider SAML Metadata to Access Point,” on page 55
n
“Obtain the Certificate Authority Certificates,” on page 56
n
“Configure Smart Card Settings on the Access Point Appliance,” on page 57
VMware, Inc.
49