Create a SAML Authenticator on View Connection Server 6.2
For Horizon 6 version 6.2 servers, you must create a manual SAML authenticator in View Connection
Server. You copy the SAML metadata generated on Access Point and then use the ADSI Edit utility on the
View Connection Server host to edit the View LDAP and paste in the metadata. You also edit the View
LDAP to change the expiration period for SAML assertions.
If you do not change the expiration period, View Connection Server will stop accepting SAML assertions
from the SAML authenticator, such as Access Point or a third-party identity provider, after 24 hours, and the
metadata exchange must be repeated. Use this procedure to specify the number of days that can elapse
before View Connection Server stops accepting SAML assertions from the identity provider. This number is
used when the current expiration period ends. For example, if the current expiration period is 1 day and you
specify 90 days, after 1 day elapses, View Connection Server generates metadata with an expiration period
of 90 days.
NOTE This procedure provides instructions for creating the SAML authenticator and changing the
expiration period if you are using Horizon 6 servers. For Horizon 6 servers, you must edit View LDAP. For
Horizon 7 features, you can instead use a page in the View Administrator UI. For instructions, see “Create a
SAML Authenticator on a Horizon 7 Connection Server,” on page 51.
Prerequisites
See the Microsoft TechNet Web site for information on how to use the ADSI Edit utility on your Windows
operating system version.
Procedure
1 Start the ADSI Edit utility on your View Connection Server 6.2 host.
2 In the console tree, select Connect to.
3 In the Select or type a Distinguished Name or Naming Context text box, type the distinguished name
DC=vdi, DC=vmware, DC=int.
4 In the Computer pane, select or type localhost:389 or the fully qualified domain name (FQDN) of the
View Connection Server host followed by port 389.
For example: localhost:389 or mycomputer.example.com:389
5 Expand the ADSI Edit tree, expand OU=Properties, right-click OU=Authenticator and select New >
Object.
6 In the Create Object wizard, select pae-SAMLAuthenticator and click Next.
7 In the Value text box, enter a name, such as ap for Access Point, click Next, and click Finish.
The object appears in the right pane. For this example, the name of the object is CN=ap.
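A read-only way to confirm the result of steps 1 through 7 from PowerShell, added here as an example and not part of the VMware procedure. It assumes the object name ap from step 7, that the account running it can read View LDAP, and it reads only the standard directory attributes cn, distinguishedName, whenCreated and whenChanged.

```powershell
# Added example (not VMware's code): read-only listing of SAML authenticator
# objects in View LDAP. Run on the View Connection Server host.
$Server      = 'localhost:389'                                           # step 4
$ContainerDn = 'OU=Authenticator,OU=Properties,DC=vdi,DC=vmware,DC=int'  # steps 3 and 5
$Expected    = @('ap')                                                   # name entered in step 7

function Get-SamlAuthenticator {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][string]$ContainerDn
    )
    # Binds with the current Windows credentials; nothing is written to the directory.
    $root     = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$Server/$ContainerDn")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    try {
        $searcher.Filter      = '(objectClass=pae-SAMLAuthenticator)'    # class chosen in step 6
        $searcher.SearchScope = [System.DirectoryServices.SearchScope]::OneLevel
        foreach ($p in 'cn', 'distinguishedname', 'whencreated', 'whenchanged') {
            [void]$searcher.PropertiesToLoad.Add($p)
        }
        $results = $searcher.FindAll()
        foreach ($r in $results) {
            [pscustomobject]@{
                Name              = [string]$r.Properties['cn'][0]
                DistinguishedName = [string]$r.Properties['distinguishedname'][0]
                WhenCreated       = $r.Properties['whencreated'][0]
                WhenChanged       = $r.Properties['whenchanged'][0]
            }
        }
        $results.Dispose()
    }
    finally {
        $searcher.Dispose()
        $root.Dispose()
    }
}

$found = @(Get-SamlAuthenticator -Server $Server -ContainerDn $ContainerDn)
$found | Format-Table -AutoSize

# Each authenticator is an identity provider whose assertions the server accepts,
# so report both a missing expected entry and any entry nobody asked for.
$missing    = @($Expected | Where-Object { $_ -notin $found.Name })
$unexpected = @($found | Where-Object { $_.Name -notin $Expected })
foreach ($m in $missing)    { Write-Warning "Expected authenticator CN=$m was not found." }
foreach ($u in $unexpected) { Write-Warning "Review unlisted authenticator: $($u.DistinguishedName)" }
```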
Chapter 5 Setting Up Smart Card Authentication
VMware, Inc. 53