VMware Workspace ONE Community
dmuligan
Enthusiast

UAG3.0 + vIDM 2.9.1 -> Request Failed

Hi,

I have deployed UAG3.0 using the PowerShell script as a reverse proxy to use with vIDM; internally it works. But when accessing through UAG I get a "Request Failed, contact your IT Administrator" error when accessing the vIDM user portal.

The "New End user portal UI" is already enabled.

[WebReverseProxy]
# For vIDM use set the instanceId to VIDM. For other WebReverseProxy instances, don't include this line.
#
instanceId=VIDM
#
# URL of the VMware Identity Manager server
#
proxyDestinationURL= https://172.16.1.63
#
# proxyDestinationUrlThumbprints only needs to be specified if the above server does not have
# a trusted CA signed SSL server certificate installed (e.g. if it has the default self-signed certificate only).
# This is a comma separated list of thumbprints in the format shown here.
#
proxyDestinationUrlThumbprints=sha1=3E:28:02:1F:15:52:A4:2C:DF:BD:73:DC:A1:AE:31:12:25:08:F2:7D
#
# The following settings should not be altered
#
proxyPattern=(/|/SAAS(.*)|/SAAS/auth/wsfed/active/logon|/hc(.*)|/web(.*)|/catalog-portal(.*))
unSecurePattern=(/catalog-portal(.*)|/|/SAAS/|/SAAS|/SAAS/API/1.0/GET/image(.*)|/SAAS/horizon/css(.*)|/SAAS/horizon/angular(.*)|/SAAS/horizon/js(.*)|/SAAS/horizon/js-lib(.*)|/SAAS/auth/login(.*)|/SAAS/jersey/manager/api/branding|/SAAS/horizon/images/(.*)|/SAAS/jersey/manager/api/images/(.*)|/SAAS/jersey/manager/api/authadapters/(.*)|/hc/(.*)/authenticate/(.*)|/hc/static/(.*)|/SAAS/auth/saml/response|/SAAS/auth/authenticatedUserDispatcher|/web(.*)|/SAAS/apps/|/SAAS/horizon/portal/(.*)|/SAAS/horizon/fonts(.*)|/SAAS/API/1.0/POST/sso(.*)|/SAAS/API/1.0/REST/system/info(.*)|/SAAS/API/1.0/REST/auth/cert(.*)|/SAAS/API/1.0/REST/oauth2/activate(.*)|/SAAS/API/1.0/GET/user/devices/register(.*)|/SAAS/API/1.0/oauth2/token(.*)|/SAAS/API/1.0/REST/oauth2/session(.*)|/SAAS/API/1.0/REST/user/resources(.*)|/hc/t/(.*)/(.*)/authenticate(.*)|/SAAS/API/1.0/REST/auth/logout(.*)|/SAAS/auth/saml/response(.*)|/SAAS/(.*)/(.*)auth/login(.*)|/SAAS/API/1.0/GET/apps/launch(.*)|/SAAS/API/1.0/REST/user/applications(.*)|/SAAS/auth/federation/sso(.*)|/SAAS/auth/oauth2/authorize(.*)|/hc/prepareSaml/failure(.*)|/SAAS/auth/oauthtoken(.*)|/SAAS/API/1.0/GET/metadata/idp.xml|/SAAS/auth/saml/artifact/resolve(.*)|/hc/(.*)/authAdapter(.*)|/hc/authenticate/(.*)|/SAAS/auth/logout|/SAAS/common.js|/SAAS/auth/launchInput(.*)|/SAAS/launchUsersApplication.do(.*)|/hc/API/1.0/REST/thinapp/download(.*)|/hc/t/(.*)/(.*)/logout(.*))

loginRedirectURL=/SAAS/auth/login?dest=%s
authCookie=HZN

markbenson

dthacker82
Contributor

Have you tried using the FQDN instead of the IP address? All the docs say to use the FQDN, and SSL is not a fan of being redirected directly to an IP address instead of a host name; it throws up cert mismatches.

pbjork
VMware Employee

Yes, you must use the FQDN of vIDM, and when UAG resolves the FQDN it must point to the vIDM appliance. If UAG does not have access to internal DNS you can add local entries in the hosts file.

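A pre-deployment check for the point made in the replies, as an added example that is not part of the original posts and not VMware code: it parses a [WebReverseProxy] section and flags an IP literal in proxyDestinationURL and malformed thumbprint entries. The function name, the shortened sample patterns and the sha256 length are assumptions.

```python
import configparser
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample mirroring the settings quoted in the thread (proxyPattern shortened).
SAMPLE_INI = """\
[WebReverseProxy]
instanceId=VIDM
proxyDestinationURL= https://172.16.1.63
proxyDestinationUrlThumbprints=sha1=3E:28:02:1F:15:52:A4:2C:DF:BD:73:DC:A1:AE:31:12:25:08:F2:7D
proxyPattern=(/|/SAAS(.*)|/hc(.*)|/web(.*)|/catalog-portal(.*))
loginRedirectURL=/SAAS/auth/login?dest=%s
authCookie=HZN
"""

# Digest length in bytes per algorithm; sha256 is an assumption, the thread only shows sha1.
THUMBPRINT_BYTES = {"sha1": 20, "sha256": 32}


def lint_web_reverse_proxy(ini_text):
    """Return a list of findings for the [WebReverseProxy] section (hypothetical helper)."""
    # interpolation=None so the literal %s in loginRedirectURL does not raise.
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key case exactly as written in the INI
    cp.read_string(ini_text)
    sec = cp["WebReverseProxy"]
    findings = []

    url = urlsplit(sec.get("proxyDestinationURL", "").strip())
    host = url.hostname or ""
    if url.scheme != "https":
        findings.append("proxyDestinationURL is not an https URL")
    try:
        ipaddress.ip_address(host)
        findings.append(f"proxyDestinationURL uses IP literal {host}; use the vIDM FQDN")
    except ValueError:
        if "." not in host:
            findings.append(f"proxyDestinationURL host '{host}' is not fully qualified")

    entries = sec.get("proxyDestinationUrlThumbprints", "").split(",")
    for tp in filter(None, (e.strip() for e in entries)):
        alg, _, hexpart = tp.partition("=")
        want = THUMBPRINT_BYTES.get(alg.lower())
        pattern = r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){%d}" % ((want or 1) - 1)
        if want is None or not re.fullmatch(pattern, hexpart):
            findings.append(f"malformed thumbprint entry: {tp}")
    return findings
```
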