mchadwick19
Hot Shot

Set up UAG with Smart Card auth without vIDM/WS1

Has anyone had any luck configuring a UAG to do smart card authentication to log into Horizon desktops?

Following the docs, we are in a state now where we are able to log into the UAG with our cards and it is accepted, but it cannot communicate with the Horizon Connection Server to perform the login. We have exchanged SAML metadata between the two systems (UAG + CS) but it is still failing; we get an error "apiauth.APIAuthResource: Error reading saved metadata xml" on the UAG, which sounds like it cannot read the metadata that we copied to the UAG.

We have followed this VMware Knowledge Base article to "refresh" the metadata and encryption certs for SAML communication but we are still having some trouble.

Has anyone in the community configured smart card authentication through just a UAG? We are not trying to set up True SSO or Workspace ONE/vIDM to complicate the infrastructure.

VDI Engineer VCP-DCV, VCP7-DTM, VCAP7-DTM Design
0 Kudos
1 Reply
sandhog
VMware Employee

With DoD smart card? Yes, there is a way to do it, but you have to use the non-FIPS version of UAG.

0 Kudos