VMware Horizon Community
cyberfed2727
Enthusiast
Enthusiast
‎02-24-2017 08:16 AM

Horizon 7 Smart Card acces to the admin web page

Need some help guys.

We use smart card and my job for authentication.

I have successfully setup Horizon View 7 to prompt for smart card and log into our VDI desktops, that all works 100%.

However I am unable to use my smart card to log into the Horizon View Administrator Web page.

When I hit the admin page it immediate finds gives me a list of my badge certs to choose from, then after selecting the right one (I've tried both that are presented to me) it asks for my PIN. After that it just thinks for a second and dumps me to the login page where I'm forced to use a traditional username/password to login.

I've imported the entire cert chain into my truststorefile.key

Here's what I'm seeing in the logs (edited bold for security reasons):

Reading certificate: UID=14001003227121 + CN=MY NAME (Affiliate), OU=XXX for privacy, OU=XXX for privacy, O=XXX for privacy, C=XXX for privacy

Extracted User Principal Name = MY NAME from cert

Skipping unrecognised SAN of type 6 with value: urn:uuid:XXXX

Reading certificate: OU=Entrust Managed Services SSP CA, OU=Certification Authorities, O=Entrust, C=US

No SubjectAlternativeName found

Reading certificate: OU=Entrust Managed Services Root CA, OU=Certification Authorities, O=Entrust, C=US

No SubjectAlternativeName found

Peer verified as: UID=XXX+CN=MY NAME (Affiliate),OU=XXX for privacy,OU=XXX for privacy,O=XXX for privacy,C=XXX for privacy

Request from /10.71.224.53: POST /admin/amfproxy/amfsecure

Appending UPNs: [MY NAME]

Adding vdmClientUPNsSigned to headers: long random string

Appending UPNs: [UID=XXX+CN=MY NAME (Affiliate),OU=XXX for privacy,OU=XXX for privacy,O=XXX for privacy, C=XXX for privacy, OU=Entrust Managed Services SSP CA,OU=Certification Authorities,O=Entrust,C=US, OU=Entrust Managed Services Root CA,OU=Certification Authorities,O=Entrust,C=US]

Adding vdmClientSubjectDnsSigned to headers:long random string

Gateway headers sent to the broker:

gateway-type = [SG-cohosted]

gateway-location = [Internal]

<ajp-nio-8009-exec-9> [ViewFlexFactory] com.vmware.vdi.admin.ui.LoginBean.getDomains 1 ms

<ajp-nio-8009-exec-9> [ViewFlexFactory] com.vmware.vdi.admin.ui.VersionInfoBean.getShortVersion 0 ms

<AJP-73> [SimpleAJPService] (ajp:admin:Request12) Response 200 200

0 Kudos
0 Replies