VMware Horizon Community
nvpapworth
Contributor

Setting SAML Authenticator in Connection Server


I'm attempting to add a newly created SAML Authenticator to a Connection Server using a PowerShell script, a snippet of which is below.

If I try and set either the "samlAuthenticator" single value or the "samlAuthenticators" list (with a single value), I get an error "Invalid argument type for this member". I'm using a SAMLAuthenticatorId value, which is the value as returned from when the SAML Authenticator is created.

I don't know if I need to manipulate the id value or use as is, or also if I somehow need to "cast" the value set in the MapEntry.value.

A secondary question here is how I represent an array of values when I'm attempting to set samlAuthenticators, if I just wrap the values in curly brackets, and comma separate the values within it - I cannot find any examples of using an array of things in a MapEntry.value.

Any ideas of what I am doing wrong, or does anyone have examples of working code in this area? I'm using version 7.8 of Horizon View.

$hvServer = Connect-HVServer -Server hv-connection.example.com -User domainadminuser@example.com -Password "password" -Domain example.com
$Global:hvServices = $hvServer.ExtensionData
$csService = New-Object VMware.Hv.ConnectionServerService
$csList = $csService.ConnectionServer_List($hvServices)

$csId = $csList[0].id

$update1 = New-Object VMware.Hv.MapEntry
$update1.key = 'authentication.samlConfig.samlSupport'
$update1.value = 'ENABLED'
# *** or ***
$update1.value = 'MULTI_ENABLED'

$update2 = New-Object VMware.Hv.MapEntry
$update2.key = 'authentication.samlConfig.samlAuthenticator'
$update2.value = 'SAMLAuthenticator/ODxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxY0/MzxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxVl'

# *** or ***

$update2 = New-Object VMware.Hv.MapEntry
$update2.key = 'authentication.samlConfig.samlAuthenticators'
$update2.value = '{SAMLAuthenticator/ODxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxY0/MzxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxVl}'

$updates = @()
$updates += $update1
$updates += $update2

$hvServices.ConnectionServer.ConnectionServer_Update($csId, $updates)

Errors:

Exception calling "ConnectionServer_Update" with "2" argument(s): "ExceptionType : VMware.Hv.InvalidType
ErrorMessage : Invalid argument type for this member.
ParameterName : authentication.samlConfig.samlAuthenticator
ExpectedType : SAMLAuthenticatorId"
At C:\Users\xxx\samlupdate2.ps1:65 char:1
+ $hvServices.ConnectionServer.ConnectionServer_Update($csId, $updates)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : VimException

Exception calling "ConnectionServer_Update" with "2" argument(s): "ExceptionType : VMware.Hv.InvalidType
ErrorMessage : Invalid argument type for this member.
ParameterName : authentication.samlConfig.samlAuthenticators
ExpectedType : ArrayOfSAMLAuthenticatorId"
At C:\Users\xxx\samlupdate2.ps1:65 char:1
+ $hvServices.ConnectionServer.ConnectionServer_Update($csId, $updates)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : VimException

 

0 Kudos
3 Replies
scott28tt
VMware Employee

@nvpapworth 

Moderator: Moved to Horizon Desktops and Apps - more likely to get the right visibility and help here.


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (i.e. not in any official capacity)
VMware Training & Certification blog
0 Kudos
briuzgin
Contributor

The expected type is ArrayOfSAMLAuthenticatorId, while you are trying to use a String.

$saml_auth_id = New-Object VMware.Hv.SAMLAuthenticatorId
$saml_auth_id.Id = 'SamlAuthenticator/XXXXXXX'
[VMware.Hv.SAMLAuthenticatorId[]]$update2.Value = $saml_auth_id

This way you get an array of one object of type SAMLAuthenticatorId.

0 Kudos
briuzgin
Contributor

Looks like there is a bug in this object: it expects ArrayOfSAMLAuthenticatorId, which doesn't actually exist, and it should be just an array of SAMLAuthenticatorId.

A workaround is to create a VMware.Hv.ConnectionServerSAMLData object, where you can just set this array:

[VMware.Hv.SAMLAuthenticatorId[]]$saml_auth_array = $saml_auth_id
$saml_data = New-Object VMware.Hv.ConnectionServerSAMLData
$saml_data.SamlAuthenticators = $saml_auth_array

Then set SamlSupport and SamlAuthenticator in the new object the same way. Just take the values from $csList[0] if you don't need to update them.

After that update the entire authentication.samlConfig key with $saml_data.

0 Kudos
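
The workaround described in the last reply, put together as one script. This is an added example, not code posted by anyone in the thread: the server name and authenticator id are placeholders, the property path Authentication.SamlConfig is inferred from the 'authentication.samlConfig' key used above, and Connect-HVServer is called with -Credential so the admin password is not stored in the script.

```powershell
# Added example. Assumes the Horizon PowerCLI module is loaded; the server
# name and the authenticator id below are placeholders, not real values.
$cred       = Get-Credential   # prompt instead of a plaintext -Password argument
$hvServer   = Connect-HVServer -Server 'hv-connection.example.com' -Credential $cred
$hvServices = $hvServer.ExtensionData

# Current settings of the first Connection Server (same selection as the question).
$cs      = $hvServices.ConnectionServer.ConnectionServer_List()[0]
$current = $cs.Authentication.SamlConfig   # assumed path, mirrors the update key

# Typed id object instead of a bare string (the cause of the InvalidType error).
$samlId    = New-Object VMware.Hv.SAMLAuthenticatorId
$samlId.Id = 'SAMLAuthenticator/<id-returned-at-creation>'

# Keep the authenticators that are already configured and append the new one
# once, so the update does not silently drop an existing identity provider.
$existing = @($current.SamlAuthenticators |
    Where-Object { $_ -and $_.Id -ne $samlId.Id })
[VMware.Hv.SAMLAuthenticatorId[]]$authArray = $existing + $samlId

# Build the whole samlConfig object rather than updating the array member alone.
$samlData                    = New-Object VMware.Hv.ConnectionServerSAMLData
$samlData.SamlSupport        = 'MULTI_ENABLED'
$samlData.SamlAuthenticator  = $current.SamlAuthenticator   # unchanged
$samlData.SamlAuthenticators = $authArray

$update       = New-Object VMware.Hv.MapEntry
$update.Key   = 'authentication.samlConfig'
$update.Value = $samlData

try {
    $hvServices.ConnectionServer.ConnectionServer_Update($cs.Id, @($update))

    # Read the setting back and confirm the new authenticator is really listed.
    $after = $hvServices.ConnectionServer.ConnectionServer_List() |
        Where-Object { $_.Id.Id -eq $cs.Id.Id }
    $ids = @($after.Authentication.SamlConfig.SamlAuthenticators |
        ForEach-Object { $_.Id })
    if ($ids -notcontains $samlId.Id) {
        throw "samlConfig was updated but $($samlId.Id) is not in the list"
    }
    "SAML support: $($after.Authentication.SamlConfig.SamlSupport); authenticators: $($ids.Count)"
}
finally {
    Disconnect-HVServer -Server $hvServer -Confirm:$false
}
```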