2 Use a REST client, such as curl or Postman, to use the JSON request to invoke the Access Point REST
API and generate Access Point metadata.
The following example uses a curl command. In the example, access-point-appliance.example.com is the
fully qualified domain name of the Access Point appliance, and ap-metadata.json is the JSON request
you created in the previous step.
curl -k -d @- -u 'admin' -H "Content-Type: application/json" -X POST https://access-point-appliance.example.com:9443/rest/v1/config/idp-metadata < ~/ap-metadata.json
3 Use a REST client to get the generated metadata, and then copy the metadata.
curl -k -u 'admin' https://access-point-appliance.example.com:9443/rest/v1/config/idp-metadata
The contents of this file begin with the following text:
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ...
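As an added example (not VMware's code and not part of the original guide), the following Python check can be run on the metadata retrieved in step 3 before it is pasted into a Horizon server. Because the curl commands use -k, which skips TLS certificate verification, it confirms the root element, reports any validUntil date, and returns certificate fingerprints to compare out of band. The function name, the sample document, and the assumption that the metadata embeds ds:X509Certificate elements are illustrative and do not come from the guide.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"   # namespace shown on the page
DS_NS = "http://www.w3.org/2000/09/xmldsig#"     # XML-DSig namespace for KeyInfo


def inspect_metadata(xml_text, now=None):
    """Check a fetched metadata document and summarise what it asserts."""
    # SAML metadata needs no DTD; refuse one rather than let the parser expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration in metadata")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % MD_NS:
        raise ValueError("root element is not md:EntityDescriptor: %r" % root.tag)
    # validUntil is optional in SAML 2.0 metadata; report it when present.
    valid_until, expired = root.get("validUntil"), None
    if valid_until:
        expiry = datetime.fromisoformat(valid_until.replace("Z", "+00:00"))
        if expiry.tzinfo is None:
            expiry = expiry.replace(tzinfo=timezone.utc)
        expired = expiry <= (now or datetime.now(timezone.utc))
    # Fingerprint every embedded certificate so it can be compared out of band.
    # Assumption: the metadata carries at least one ds:X509Certificate element.
    prints = []
    for node in root.iter("{%s}X509Certificate" % DS_NS):
        der = base64.b64decode("".join((node.text or "").split()))
        prints.append(hashlib.sha256(der).hexdigest())
    if not prints:
        raise ValueError("no X509Certificate element found")
    return {"entity_id": root.get("entityID"), "valid_until": valid_until,
            "expired": expired, "cert_sha256": prints}


# Constructed sample: placeholder bytes stand in for a DER certificate.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_METADATA = (
    '<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s" '
    'entityID="https://access-point-appliance.example.com/constructed" '
    'validUntil="2030-01-01T00:00:00Z"><md:IDPSSODescriptor '
    'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
    '<ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data></ds:KeyInfo>'
    '</md:KeyDescriptor></md:IDPSSODescriptor></md:EntityDescriptor>'
) % (MD_NS, DS_NS, base64.b64encode(SAMPLE_DER).decode())

if __name__ == "__main__":
    print(inspect_metadata(SAMPLE_METADATA))
```

Compare each returned fingerprint with the SHA-256 fingerprint of the certificate read directly from the appliance through a trusted channel.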
What to do next
Use the copied Access Point SAML metadata to create a SAML authenticator on the applicable Horizon
server.
- For a Horizon 6 server, see “Create a SAML Authenticator on View Connection Server 6.2,” on
  page 53.
- For a Horizon 7 server, see “Create a SAML Authenticator on a Horizon 7 Connection Server,” on
  page 51.
Creating a SAML Authenticator for View Connection Server
The process of creating an authenticator for Horizon 6 servers is different from the process for Horizon 7
servers.
In general, the process involves pasting Access Point SAML metadata into the correct configuration setting
on the View Connection Server instance and then extending the expiration period of the metadata.
Create a SAML Authenticator on a Horizon 7 Connection Server
For Horizon 7 servers, you can use the View Administrator UI to create a manual SAML authenticator. You
copy the SAML metadata generated on Access Point and then paste the text into the SAML metadata text box in
the View Administrator UI.
You associate an Access Point SAML authenticator with a View Connection Server instance. If your
deployment includes more than one View Connection Server instance, you must associate the SAML
authenticator with each instance.
NOTE If you need to create a SAML authenticator on a Horizon 6 server, see “Create a SAML Authenticator
on View Connection Server 6.2,” on page 53.
Prerequisites
- Verify that the root certificate for the signing CA for the SAML server certificate is installed on the
  connection server host. VMware does not recommend that you configure SAML authenticators to use
  self-signed certificates. For information about certificate authentication, see the View Installation
  document.
- Generate SAML metadata on the Access Point appliance and then copy the metadata. See “Generate
  Access Point SAML Metadata,” on page 50.
Chapter 5 Setting Up Smart Card Authentication
VMware, Inc. 51