7.0
8 Double-click the CN=name object and edit the following attributes.
Attribute            Description
pae-SAMLLabel        Supply a name for the SAML authenticator. This label will appear in View Connection Server, in the View Connection Server authentication settings.
pae-SAMLMetaDataXml  Paste in the SAML metadata that you generated on the Access Point appliance. Make sure the metadata does not contain escape characters before double quotes. For example, the correct format is <?xml version="1.0" and not <?xml version=\"1.0\".
pae-SAMLMetaDataUrl  (Optional) If you specify a URL in this attribute (for example, https://access-point.example.com), the URL will be displayed in the Manage Authenticators dialog box in View Administrator.
A new SAML authenticator is created.
On View Connection Server, the new settings take effect immediately. You do not need to restart the View
Connection Server service or the client computer.
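A pre-paste check for the pae-SAMLMetaDataXml value, added here as an example and not part of the VMware guide: it flags backslash-escaped double quotes, refuses a DOCTYPE, and confirms the text parses as a SAML EntityDescriptor. The function name check_metadata, the sample metadata and its entityID are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# SAML 2.0 metadata namespace; the root element is expected to be EntityDescriptor.
MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"


def check_metadata(text):
    """Return a list of problems in the metadata text; an empty list means none found."""
    problems = []
    # The failure the guide warns about: a backslash in front of a double quote.
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in re.finditer(r'\\"', line):
            problems.append(f'line {lineno}, column {m.start() + 1}: escaped quote \\"')
    # Metadata needs no DTD; refuse one rather than hand it to the parser.
    if "<!DOCTYPE" in text:
        problems.append("DOCTYPE declaration present")
        return problems
    try:
        root = ET.fromstring(text.encode("utf-8"))
    except ET.ParseError as exc:
        problems.append(f"not well-formed XML: {exc}")
        return problems
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        problems.append(f"unexpected root element {root.tag}")
    elif not root.get("entityID"):
        problems.append("EntityDescriptor has no entityID")
    return problems


# Constructed sample, not output from a real appliance.
GOOD = (
    '<?xml version="1.0" encoding="UTF-8"?>\n'
    '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"\n'
    '    entityID="https://access-point.example.com/saml">\n'
    '  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>\n'
    '</md:EntityDescriptor>\n'
)
# The same text as it looks after being copied out of a quoted or JSON-encoded string.
ESCAPED = GOOD.replace('"', '\\"')

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("ESCAPED", ESCAPED)):
        issues = check_metadata(sample)
        print(name, "OK" if not issues else issues)
```

Run it against the metadata file before pasting; any reported line and column points at the exact quote to fix.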
What to do next
Extend the expiration period of the View Connection Server metadata so that remote sessions are not
terminated after only 24 hours. See “Change the Expiration Period for Service Provider Metadata on View
Connection Server,” on page 54.
Change the Expiration Period for Service Provider Metadata on View Connection Server
If you do not change the expiration period, View Connection Server will stop accepting SAML assertions
from the SAML authenticator, such as Access Point or a third-party identity provider, after 24 hours, and the
metadata exchange must be repeated.
Use this procedure to specify the number of days that can elapse before View Connection Server stops
accepting SAML assertions from the identity provider. This number is used when the current expiration
period ends. For example, if the current expiration period is 1 day and you specify 90 days, after 1 day
elapses, View Connection Server generates metadata with an expiration period of 90 days.
Prerequisites
See the Microsoft TechNet Web site for information on how to use the ADSI Edit utility on your Windows
operating system version.
Procedure
1 Start the ADSI Edit utility on your View Connection Server host.
2 In the console tree, select Connect to.
3 In the Select or type a Distinguished Name or Naming Context text box, type the distinguished name
DC=vdi, DC=vmware, DC=int.
4 In the Computer pane, select or type localhost:389 or the fully qualified domain name (FQDN) of the
View Connection Server host followed by port 389.
For example: localhost:389 or mycomputer.example.com:389
5 Expand the ADSI Edit tree, expand OU=Properties, select OU=Global, and double-click OU=Common
in the right pane.
6 In the Properties dialog box, edit the pae-NameValuePair attribute to add the following values:
cs-samlencryptionkeyvaliditydays=number-of-days
cs-samlsigningkeyvaliditydays=number-of-days
Deploying and Configuring Access Point
54 VMware, Inc.