In this example, number-of-days is the number of days that can elapse before a remote View Connection
Server stops accepting SAML assertions. After this period of time, the process of exchanging SAML
metadata must be repeated.
Copy Service Provider SAML Metadata to Access Point
After you create and enable a SAML authenticator so that Access Point can be used as an identity provider,
you can generate SAML metadata on that back-end system and use the metadata to create a service provider
on the Access Point appliance. This exchange of data establishes trust between the identity provider (
Access Point) and the back-end service provider, such as View Connection Server.
Prerequisites
Verify that you have created a SAML authenticator for Access Point on the back-end service provider server.
- For a Horizon 6 server, see “Create a SAML Authenticator on View Connection Server 6.2,” on page 53.
- For a Horizon 7 server, see “Create a SAML Authenticator on a Horizon 7 Connection Server,” on page 51.
Procedure
1 Retrieve the service provider SAML metadata, which is generally in the form of an XML file.
For instructions, refer to the documentation for the service provider.
Different service providers have different procedures. For example, for View Connection Server, you
open a browser and enter a URL such as:
https://connection-server.example.com/SAML/metadata/sp.xml
You can then use a Save As command to save the Web page to an XML file. The contents of this file
begin with the following text:
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ...
2 Use a REST client, such as curl or Postman, to invoke the Access Point REST API and store the metadata
on the Access Point appliance.
The following example uses a curl command. In the example, access-point-appliance.example.com is the
fully qualified domain name of the Access Point appliance, service-provider-name is the name to use for a
View Connection Server service provider, and connection-server-metadata.xml is the metadata file you
created in the previous step.
curl -k -d @- -u 'admin' -H "Content-Type: text/xml" -X POST https://access-point-appliance.example.com:9443/rest/v1/config/sp-metadata/service-provider-name < connection-server-metadata.xml
Access Point and the service provider can now exchange authentication and authorization information.
What to do next
To verify that the POST command worked, you can use a GET command with the same URL.
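The following script is an added example, not part of the VMware documentation: it checks that the saved file really is service provider metadata before it is stored on the appliance, uploads it with the same REST URL as step 2, and then uses the GET check to confirm the stored entityID matches. It assumes the placeholder names from the procedure, a PEM file (access-point-ca.pem) holding the CA that issued the appliance's administration certificate, and that the GET returns the stored XML.

```shell
#!/bin/sh
# Added example (not VMware's code). Assumed placeholders: appliance FQDN,
# service provider name, metadata file and the CA file used to verify the
# appliance certificate on port 9443.
AP_HOST="${AP_HOST:-access-point-appliance.example.com}"
AP_CA="${AP_CA:-access-point-ca.pem}"
SP_NAME="${SP_NAME:-service-provider-name}"
METADATA="${METADATA:-connection-server-metadata.xml}"

# Return 0 only when the file is SAML 2.0 SP metadata: an EntityDescriptor in
# the OASIS metadata namespace that contains an SPSSODescriptor. A login page
# or IdP-only metadata saved by mistake fails here and is never uploaded.
# Newlines are folded first so an attribute list split over lines still matches.
check_sp_metadata() {
  f="$1"
  [ -s "$f" ] || return 1
  tr '\n' ' ' < "$f" | grep -q \
    '<\(md:\)\{0,1\}EntityDescriptor[^>]*urn:oasis:names:tc:SAML:2.0:metadata' || return 1
  grep -q '<\(md:\)\{0,1\}SPSSODescriptor' "$f" || return 1
}

# Print the entityID the service provider advertises; Access Point will
# address its assertions to this value, so it is the field worth comparing.
sp_entity_id() {
  sed -n 's/.*entityID="\([^"]*\)".*/\1/p' "$1" | head -n 1
}

upload_sp_metadata() {
  check_sp_metadata "$METADATA" || { echo "$METADATA is not SP metadata" >&2; return 1; }
  echo "storing metadata for $(sp_entity_id "$METADATA") as $SP_NAME" >&2
  # --cacert replaces -k so the appliance certificate is verified instead of
  # trusting any listener; -u admin prompts for the password rather than
  # taking it on the command line. --data-binary keeps the XML byte-for-byte.
  curl --cacert "$AP_CA" -u admin -H "Content-Type: text/xml" -X POST \
    --data-binary @"$METADATA" \
    "https://$AP_HOST:9443/rest/v1/config/sp-metadata/$SP_NAME" || return 1
  # GET on the same URL (assumed to return the stored XML) confirms the POST.
  curl --cacert "$AP_CA" -u admin -o stored-sp-metadata.xml \
    "https://$AP_HOST:9443/rest/v1/config/sp-metadata/$SP_NAME" || return 1
  [ "$(sp_entity_id stored-sp-metadata.xml)" = "$(sp_entity_id "$METADATA")" ]
}

# Only perform the upload when explicitly asked: ./script.sh upload
if [ "${1:-}" = "upload" ]; then
  upload_sp_metadata
fi
```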
If you copied View Connection Server metadata, to verify that the Access Point SAML authenticator was
successfully configured, open the ADSI Edit utility on the View Connection Server host, connect to View
LDAP (DC=vdi, DC=vmware, DC=int), and in the ADSI Edit tree, under OU=Properties, select OU=Server,
and double-click the CN=name item in the right pane. The pae-SAMLConfigDN attribute will be populated
with the distinguished name.
Chapter 5 Setting Up Smart Card Authentication
VMware, Inc. 55