Hi,
I have deployed UAG 3.0 using the PowerShell script as a reverse proxy to use with vIDM. Internally it works, but when accessing through UAG I get a "Request Failed, contact your IT Administrator" error when accessing the vIDM user portal.
The "New End user portal UI" is already enabled.
[WebReverseProxy]
# For vIDM use set the instanceId to VIDM. For other WebReverseProxy instances, don't include this line.
#
instanceId=VIDM
#
# URL of the VMware Identity Manager server
#
proxyDestinationURL= https://172.16.1.63
#
# proxyDestinationUrlThumbprints only needs to be specified if the above server does not have
# a trusted CA signed SSL server certificate installed (e.g. if it has the default self-signed certificate only).
# This is a comma separated list of thumbprints in the format shown here.
#
proxyDestinationUrlThumbprints=sha1=3E:28:02:1F:15:52:A4:2C:DF:BD:73:DC:A1:AE:31:12:25:08:F2:7D
#
# The following settings should not be altered
#
proxyPattern=(/|/SAAS(.*)|/SAAS/auth/wsfed/active/logon|/hc(.*)|/web(.*)|/catalog-portal(.*))
unSecurePattern=(/catalog-portal(.*)|/|/SAAS/|/SAAS|/SAAS/API/1.0/GET/image(.*)|/SAAS/horizon/css(.*)|/SAAS/horizon/angular(.*)|/SAAS/horizon/js(.*)|/SAAS/horizon/js-lib(.*)|/SAAS/auth/login(.*)|/SAAS/jersey/manager/api/branding|/SAAS/horizon/images/(.*)|/SAAS/jersey/manager/api/images/(.*)|/SAAS/jersey/manager/api/authadapters/(.*)|/hc/(.*)/authenticate/(.*)|/hc/static/(.*)|/SAAS/auth/saml/response|/SAAS/auth/authenticatedUserDispatcher|/web(.*)|/SAAS/apps/|/SAAS/horizon/portal/(.*)|/SAAS/horizon/fonts(.*)|/SAAS/API/1.0/POST/sso(.*)|/SAAS/API/1.0/REST/system/info(.*)|/SAAS/API/1.0/REST/auth/cert(.*)|/SAAS/API/1.0/REST/oauth2/activate(.*)|/SAAS/API/1.0/GET/user/devices/register(.*)|/SAAS/API/1.0/oauth2/token(.*)|/SAAS/API/1.0/REST/oauth2/session(.*)|/SAAS/API/1.0/REST/user/resources(.*)|/hc/t/(.*)/(.*)/authenticate(.*)|/SAAS/API/1.0/REST/auth/logout(.*)|/SAAS/auth/saml/response(.*)|/SAAS/(.*)/(.*)auth/login(.*)|/SAAS/API/1.0/GET/apps/launch(.*)|/SAAS/API/1.0/REST/user/applications(.*)|/SAAS/auth/federation/sso(.*)|/SAAS/auth/oauth2/authorize(.*)|/hc/prepareSaml/failure(.*)|/SAAS/auth/oauthtoken(.*)|/SAAS/API/1.0/GET/metadata/idp.xml|/SAAS/auth/saml/artifact/resolve(.*)|/hc/(.*)/authAdapter(.*)|/hc/authenticate/(.*)|/SAAS/auth/logout|/SAAS/common.js|/SAAS/auth/launchInput(.*)|/SAAS/launchUsersApplication.do(.*)|/hc/API/1.0/REST/thinapp/download(.*)|/hc/t/(.*)/(.*)/logout(.*))
loginRedirectURL=/SAAS/auth/login?dest=%s
authCookie=HZN
markbenson
Have you tried using the FQDN instead of the IP address? All the docs say use the FQDN, and SSL is not a fan of being redirected directly to an IP address instead of a host name, throws up cert mismatches.
Yes, you must use the FQDN of vIDM, and when UAG resolves the FQDN it must point to the vIDM appliance. If UAG does not have access to internal DNS, you can add local entries in the hosts file.
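
A check for the two points made in the replies, added here as an example and not code from the thread or from VMware: it flags an IP literal in proxyDestinationURL and verifies that a hosts-file entry for the FQDN points at the vIDM appliance. The FQDN vidm.corp.example, the hosts text and the function names are assumptions.

```python
import configparser
import ipaddress
from urllib.parse import urlsplit

def parse_hosts(text):
    """Map hostname -> IP from hosts-file text, ignoring comments and blanks."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table[name.lower()] = fields[0]
    return table

def check_destination(ini_text, hosts_text, vidm_ip):
    """Return findings for proxyDestinationURL in the [WebReverseProxy] section."""
    # interpolation=None so the literal %s in loginRedirectURL is left alone
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    url = cfg["WebReverseProxy"]["proxyDestinationURL"]
    host = (urlsplit(url).hostname or "").lower()
    try:
        ipaddress.ip_address(host)
        return [f"{host}: IP literal, use the vIDM FQDN"]
    except ValueError:
        pass  # not an IP address, so treat it as a host name
    mapped = parse_hosts(hosts_text).get(host)
    if mapped is None:
        return [f"{host}: no hosts entry, internal DNS must resolve it"]
    if mapped != vidm_ip:
        return [f"{host}: hosts entry {mapped} is not the vIDM appliance {vidm_ip}"]
    return []

# Constructed inputs: the IP is the one in the question, the FQDN is hypothetical.
INI_IP = ("[WebReverseProxy]\ninstanceId=VIDM\n"
          "proxyDestinationURL= https://172.16.1.63\n"
          "loginRedirectURL=/SAAS/auth/login?dest=%s\n")
INI_FQDN = INI_IP.replace("172.16.1.63", "vidm.corp.example")
HOSTS = "127.0.0.1 localhost\n172.16.1.63 vidm.corp.example vidm  # constructed entry\n"

if __name__ == "__main__":
    for ini, hosts in ((INI_IP, HOSTS), (INI_FQDN, ""), (INI_FQDN, HOSTS)):
        print(check_destination(ini, hosts, "172.16.1.63") or "ok")
```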