VMware Horizon Community
hkaratonev
Contributor
Contributor

UAG v3.1.1 RSA Integration

We are trying to configure UAG to work with RSA, unfortunately without success so far.

As I am reading the documentation and as I am looking at the configuration page about RSA in UAG, I AM AMAZED TO SEE THE FOLLOWING LINES:

*External HOST Name          Enter the IP address of the Unified Access Gateway instance. The value you enter must match the value

you used when you added the Unified Access Gateway appliance as an authentication agent to the RSA SecurID server.

*Internal HOST Name           Enter the value assigned to the IP address prompt in the RSA SecurID server

Please see attached the screenshot from the actual installation - UAG.png

These values will always be the same, if they are the IP Addresses of the UAG!  This is according to my understanding.

Please see attached screenshot from the actrual installation of the RSA - where the things are looking much logical. - RSA.png

Despite everything we tried including deploying from powershell and ini configuration file, we are still in the middle of nowhere.

The login prompt offered from UAG should include RSA embedded text. But this is NOT happening. No trace from attempt in the RSA...

I am wondering if somewhere out there exist living person who have successfully integrated these two solutions?

Any help from this extraordinary man will be greatly appreciated.

Reply
0 Kudos
2 Replies
Erossman
Enthusiast
Enthusiast

I tried the RSA configuration last week at my client site. But we wasn't able to save the RSA UAG configuration. We got a error message all the time (I don't remember what is was exactly).

We think this happened because the firewall ports between uag und RSA are not open yet.

Was you able to save the settings in UAG for RSA authentification?

Did you enable 2FA in the UAG ? You have to do this in the Horizon UAG Settings after you set the RSA configuration.

There is a field which is called "Auth Methods"

UAG1.png

Please enable there the RSA authentification

Reply
0 Kudos
jrodsguitar
Enthusiast
Enthusiast

External HOST Name and Internal HOST Name should be the internal IP address of your UAG. They should be the same.

So if UAG is 10.10.10.3:

External HOST would be 10.10.10.3

Internal HOST would be 10.10.10.3

Auth Method should be set as below. Your UAG IP address must be configured on the RSA server as an identity agent. You may have to clear the secret then try again. Anytime you redeploy the UAG you must clear the secret on the RSA server for the UAG.

pastedImage_3.png

Blog: https://powershell.house/
Reply
0 Kudos