VMware Horizon Community
Chris_Nodak
Enthusiast
Enthusiast
‎01-30-2019 02:22 PM
Jump to solution

How to disable an authentication method

We have successfully had RSA SecurID set up as an authentication method using the UAG. We now plan to change that to Radius as we are implementing RSA's cloud connect product. Not knowing that we couldn't have both options in use, we set up the Radius settings. After reading up some more we realized you can only use one or the other option. So we attempted to disable the SecurID option. When I disable and click save I get the following: Please enable the authentication method

I can't disable either option and save the settings. Authentication is still working fine with the SecurID option. I suppose I have to deploy another instance of the UAG and set things up again?

Thanks.

Reply
0 Kudos
1 Solution

Accepted Solutions
markbenson
VMware Employee
VMware Employee
‎01-31-2019 03:34 AM
Jump to solution

Chris_Nodak​ - If you've added the RADIUS config (under "Authentication Settings") on UAG you should be able to select that in the Horizon Settings (under "Edge Service Settings") in "Auth Methods". Set it to radius-auth & sp-auth instead of (securid-auth & sp-auth). It is the Horizon Edge Service Settings that determines what authentication will actually be used for Horizon clients.

View solution in original post

Reply
0 Kudos
5 Replies
BenFB
Virtuoso
Virtuoso
‎01-30-2019 08:42 PM
Jump to solution

From what I've seen once a authentication method is configured it can't be unconfigured. However, you can have multiple authentication methods configured with AND or OR operators. It just comes down to what is enabled under the edge settings which can be multiples (You could have securid-auth & radius-auth or securid-auth OR radius-atuh). One of the examples given on the UAG is having securid-auth OR radius-auth configured where one or the other will be enforced.

Edit: I did some additional digging and starting with UAG 3.4 there is a note that is not present with prior versions. markbenson​ is this a known issue in 3.4, change in 3.4 or did this not actually work in the past?

Configuring Authentication in DMZ

Note:

Only one of the two factor user authentication methods can be specified for an Edge Service. This can be Certificate/Smart Card authentication, RADIUS authentication, or RSA Adaptive Authentication.

Reply
markbenson
VMware Employee
VMware Employee
‎01-31-2019 03:34 AM
Jump to solution

Chris_Nodak​ - If you've added the RADIUS config (under "Authentication Settings") on UAG you should be able to select that in the Horizon Settings (under "Edge Service Settings") in "Auth Methods". Set it to radius-auth & sp-auth instead of (securid-auth & sp-auth). It is the Horizon Edge Service Settings that determines what authentication will actually be used for Horizon clients.

Reply
0 Kudos
Chris_Nodak
Enthusiast
Enthusiast
‎01-31-2019 07:07 AM
Jump to solution

BenFB  Thanks for the reply. I did find that in the Edge settings. And that note you found is what I was referring to about running both options. After some initial testing, I couldn't get it to work, but I expect that's a configuration issue on our end with the identity router, I'll follow up with RSA on that piece.

Reply
0 Kudos
Chris_Nodak
Enthusiast
Enthusiast
‎01-31-2019 07:08 AM
Jump to solution

markbenson​ Yes, thank you. I forgot about that field. Will do some additional testing. Thanks!

Reply
0 Kudos
Poom22
Enthusiast
Enthusiast
‎02-12-2019 09:04 AM
Jump to solution

This seems mad that you cant change authentication settings either, I can't even clear node secret and press save without ' choose authentication method errors''

Has anyone else got round this?

( RSA SecurID)

Reply
0 Kudos