VMware Horizon Community
veedeeeye2
Contributor

UAG 3.10 and ADFS

Hi,

Currently we use UAG 3.7 in our environment. The UAG is configured for smart card authentication only (X.509 cert-auth).

Each UAG is paired to a dedicated Connection Server (no load balancer) with SAML. So a user launches the Horizon client and receives a PIN prompt. The PIN is passed from UAG to Connection Server and if successful, the user sees their entitled apps. They click on an app to start Blast and are signed on to a desktop or RDSH session without further authentication (via smart card redirection - no True SSO used).

While this works fine, the (great!) news that UAG 3.10 has ADFS IDP support has me wondering if this can be leveraged to enable SSO into Horizon and completely remove the smart card PIN prompt? That being the case, from there, would we still be able to leverage smart card redirection post-auth into Horizon to get SSO to RDSH also?

We're planning on getting 3.10 into our dev environment soon for testing but just looking for a bit of a steer.

Hope this makes sense.

Thanks,

V

4 Replies
surajr04
VMware Employee

Yes, UAG 3.10 supports ADFS IDP; however, if you want to leverage SSO you have to enable TrueSSO.

veedeeeye2
Contributor

Thanks for the reply. So it's likely that after ADFS-configured authentication into Horizon, the user would hit the Windows RDSH/VDI logon screen rather than have smart card redirected auth?

I'll have a look at True SSO and test.

V

Shreyskar
VMware Employee

Yes. Once they are authenticated through ADFS, they will be presented with the Windows logon screen unless you have TrueSSO enabled. TrueSSO provides a way to authenticate to Microsoft Windows, retaining all of the users’ normal domain privileges, without requiring them to provide AD credentials.

You can set up TrueSSO and test by following the blog below:

VMware Horizon 7 True SSO: Setting Up In a Lab | VMware End-User Computing Blog

veedeeeye2
Contributor

Understood. Many thanks for the reply. I'll test it out in the lab environment and update the thread at some point.

V
