7.0
Table Of Contents
- Deploying and Configuring Access Point
- Contents
- Deploying and Configuring Access Point
- Introduction to Access Point
- System Requirements and Deployment
- Configuring Access Point
- Collecting Logs from the Access Point Appliance
- Setting Up Smart Card Authentication
- Setting Up Two-Factor Authentication
- Index
5 Paste this information into a JSON request for enabling RSA SecurID authentication for the Horizon
server and add the authMethods property.
{
"identifier": "VIEW",
"enabled": true,
"proxyDestinationUrl": "https://horizon-server.example.com",
"proxyDestinationUrlThumbprints": "sha1=40 e6 98 9e a9 d1 bc 6f 86 8c c0 ad b1 ea ff f7 4a
3b 12 8c",
"authMethods": "securid-auth"
}
This example shows only some of the properties that are common to all edge services. In this example,
horizon-server.example.com is the fully qualified domain name of the Horizon server. You specified this
name when you deployed the Access Point appliance. The text for
proxyDestinationUrlThumbprints is an example only. Replace this text with the thumbprint of your
destination server.
6 Use a REST client to send the JSON request to the Access Point API and configure the edge service to
use RSA SecurID authentication.
In the following example, rsa-auth.json is the JSON request you created in the previous step.
curl -k -d @- -u 'admin' -H "Content-Type: application/json" -X PUT https://access-point-
appliance.example.com:9443/rest/v1/config/edgeservice/edge-service-ID < ~/rsa-auth.json
End users can now use RSA SecurID tokens when logging in to Access Point.
Configure RADIUS Authentication on the Access Point Appliance
On the Access Point appliance, you must enable RADIUS authentication, specify some configuration
settings from the RADIUS server, and change the authentication type to RADIUS authentication.
Prerequisites
n
Verify that the server to be used as the authentication manager server has the RADIUS software
installed and configured. Follow the vendor's configuration documentation.
n
Make a note of the RADIUS server's host name or IP address, the port number on which it is listening
for RADIUS authentication (usually 1812), the authentication type (PAP, CHAP, MSCHAPv1, or
MSCHAPv2), and the shared secret.
You can enter values for a primary and a secondary RADIUS authenticator.
Procedure
1 Use a REST client, such as curl or postman, to invoke the Access Point REST API and get the default
RADIUS authentication settings.
The following example uses a curl command. In the example, access-point-appliance.example.com is the
fully qualified domain name of the Access Point appliance.
curl -k -u 'admin' https://access-point-appliance.example.com:
9443/rest/v1/config/authmethod/radius-auth
2 Use the settings returned from Step 1 to create a JSON request for enabling RADIUS authentication.
Access Point 2.6 supports three new properties for RADIUS authentication.
n
directAuthChainedUsername - Enables direct authentication to RADIUS server during auth
chaining. Default value is NULL.
n
enabledAux - Enables the secondary RADIUS server when set to TRUE. Default value is FALSE.
Chapter 6 Setting Up Two-Factor Authentication
VMware, Inc. 63