7.0
Table Of Contents
- Deploying and Configuring Access Point
- Contents
- Deploying and Configuring Access Point
- Introduction to Access Point
- System Requirements and Deployment
- Configuring Access Point
- Collecting Logs from the Access Point Appliance
- Setting Up Smart Card Authentication
- Setting Up Two-Factor Authentication
- Index
Property Description
accountingPort
Set this port to 0 unless you want to enable RADIUS accounting. Set this
port to a non-zero number only if your RADIUS server supports collecting
accounting data. If the RADIUS server does not support accounting
messages and you set this port to a nonzero number, the messages will be
sent and ignored and retried a number of times, resulting in a delay in
authentication.
Accounting data can be used in order to bill users based on usage time and
data. Accounting data can also be used for statistical purposes and for
general network monitoring.
sharedSecret
Shared secret.
authType
Authentication type: PAP, CHAP, MS-CHAPv1, or MS-CHAPv2.
3 Use a REST client to get the default edge service settings for the Horizon server.
curl -k -u 'admin' https://access-point-appliance.example.com:
9443/rest/v1/config/edgeservice/VIEW
This example specifies the VIEW edge service because for this release two-factor authentication is
supported only if you use the VIEW edge service.
4 Paste this information into a JSON request for enabling RADIUS authentication for the Horizon server
and add the authMethods property.
{
"identifier": "VIEW",
"enabled": true,
"proxyDestinationUrl": "https://horizon-server.example.com",
"proxyDestinationUrlThumbprints": "sha1=40 e6 98 9e a9 d1 bc 6f 86 8c c0 ad b1 ea ff f7 4a
3b 12 8c",
"authMethods": "radius-auth"
}
This example shows only some of the properties that are common to all edge services. In this example,
horizon-server.example.com is the fully qualified domain name of the Horizon server. You specified this
name when you deployed the Access Point appliance. The text for
proxyDestinationUrlThumbprints is an example only. Replace this text with the thumbprint of your
destination server.
5 Use a REST client to send the JSON request to the Access Point API and configure the edge service to
use RADIUS authentication.
In the following example, radius-auth.json is the JSON request you created in the previous step.
curl -k -d @- -u 'admin' -H "Content-Type: application/json" -X PUT https://access-point-
appliance.example.com:9443/rest/v1/config/edgeservice/edge-service-ID < ~/radius-auth.json
End users can now use a RADIUS code when logging in to Access Point.
Chapter 6 Setting Up Two-Factor Authentication
VMware, Inc. 65