VMware Horizon Community
ak2766
Contributor

Error 404 while attempting SAML authentication to Horizon View environment!

I've set up a Proof of Concept environment for Horizon 7. I've got a test user successfully logging in and getting a desktop from either instant clone or linked clone pools.

I'm now trying to authenticate users using a 3rd Party SAML authenticator. I've followed the scant documentation provided at Using SAML Authentication to set up a Static authenticator. I've copied the metadata from hzn7-cs1.domain.com/SAML/metadata/sp.xml and sent it over to the IDP. In Horizon View Administrator, the dashboard shows all services are in the green - including SAML.

In the metadata, I see the Assertion Consumer Service (ACS) URL:

<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://hzn7-cs1.cipherize.com/broker/xml" index="0" isDefault="true"/>

When I perform an IDP initiated login, I'm greeted by a 404 error when the IDP sends a POST to the specified Assertion Consumer Service (ACS) URL:

https://hzn7-cs1.cipherize.com/broker.xlm

Directly navigating to this ACS URL also returns a 404 - is this really the correct ACS URL?

What could be the issue?  Has anyone been able to get this working?

Thanks muchly,

AK.
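
One check that fits the situation in the post above: extract the Assertion Consumer Service endpoints from the SP metadata and compare them with the URL the IdP actually posts to. This is an added example, not code from the original post or from VMware; the sample metadata is constructed around the single element quoted in the post (the entityID and wrapper elements are placeholders), and the exact-string comparison is an assumption of this example.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample: only the AssertionConsumerService element comes from the
# post; the entityID and the wrapper elements are placeholders.
SAMPLE_SP_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="PLACEHOLDER-ENTITY-ID">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://hzn7-cs1.cipherize.com/broker/xml"
        index="0" isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def acs_endpoints(metadata_xml):
    """Return a list of (binding, location, index, is_default) tuples."""
    root = ET.fromstring(metadata_xml)
    endpoints = []
    for el in root.iter("{%s}AssertionConsumerService" % MD_NS):
        is_default = el.get("isDefault", "false").lower() in ("true", "1")
        endpoints.append((el.get("Binding"), el.get("Location"),
                          int(el.get("index", "0")), is_default))
    return endpoints


def check_idp_destination(metadata_xml, idp_post_url):
    """Return (ok, advertised) where ok is True only on an exact match
    between idp_post_url and an HTTP-POST ACS Location in the metadata."""
    advertised = [loc for binding, loc, _, _ in acs_endpoints(metadata_xml)
                  if binding == HTTP_POST]
    return idp_post_url in advertised, advertised


if __name__ == "__main__":
    # The two URLs that appear in the post: the metadata Location and the
    # URL reported for the IdP's POST.
    for url in ("https://hzn7-cs1.cipherize.com/broker/xml",
                "https://hzn7-cs1.cipherize.com/broker.xlm"):
        ok, advertised = check_idp_destination(SAMPLE_SP_METADATA, url)
        print(("MATCH    " if ok else "MISMATCH ") + url, "advertised:", advertised)
```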


Accepted Solutions
ak4766
Contributor

After close to 2 years away from this problem, I had to revisit due to customer request.

For anyone going through this and having a similar issue, you will need to use a browser when RDP'd to the Horizon 7 Connection Server VM; I was previously doing it from my local browser when getting this error.

ak2766
Contributor

Wow!

I've now gone through all the questions that have SAML (third party SAML in particular) mentioned on this forum and I'm surprised to note that none of them have any answers. Is it 'cause third party SAML is not "really" supported (although mentioned in the documentation) or is it 'cause VMware has its own SAML implementation and couldn't care less for third party ones? Assuming the latter (in that VMware couldn't care less), why not address the 404 error on that published ACS in the metadata? Does it really exist?

Cheers,

ak.
