VMware Workspace ONE Community
pchapman
Hot Shot

Access Point 2.6 Documentation

Maybe I'm missing something but it seems like documentation for configuring Access Point 2.6 is very much not there.

I notice that the documentation makes reference to it, saying that it can be used as a reverse proxy for Identity Manager, but does not tell you how to configure it, aside from listing a few REST API properties.

I notice swagger.yaml makes reference to needing an activation code from Identity Manager, but no instructions on how that should be set up. I tried a few obvious settings for the properties but nothing seems to get me anywhere.

Does anyone have the complete documentation for this?

0 Kudos
7 Replies
ben_c1
Enthusiast

0 Kudos
pchapman
Hot Shot

I was going to say no; however, I just checked again and it seems that the document was updated since yesterday (the new content being in bold).

http://pubs.vmware.com/horizon-7-view/index.jsp#com.vmware.horizon-ap.deploy-config.doc/GUID-C2F2229...

Note, the unSecurePattern setting seems to be missing a leading (

0 Kudos
pchapman
Hot Shot

So, I configured Access Point with the proper settings as documented in the updated manual. However, when I connect to it, it tries to redirect me to the internal IP of the Identity Manager. Any ideas why this is happening?

Here is the updated REST config using the new parameters found in the manual.

{
      "identifier": "WEB_REVERSE_PROXY",
      "enabled": true,
      "proxyDestinationUrl": "https://192.168.200.23:443",
      "proxyDestinationUrlThumbprints": "sha1=69 27 ad a9 19 a2 24 c9 53 c8 5c 42 3e ef cc ac 15 b2 de 3c",
      "healthCheckUrl": "/favicon.ico",
      "proxyPattern": "(/|/SAAS(.*)|/hc(.*)|/web(.*)|/catalog-portal(.*))",
      "unSecurePattern": "(/catalog-portal(.*)|/|/SAAS/|/SAAS|/SAAS/API/1.0/GET/image(.*)|/SAAS/horizon/css(.*)|/SAAS/horizon/angular(.*)|/SAAS/horizon/js(.*)|/SAAS/horizon/js-lib(.*)|/SAAS/auth/login(.*)|/SAAS/jersey/manager/api/branding|/SAAS/horizon/images/(.*)|/SAAS/jersey/manager/api/images/(.*)|/hc/(.*)/authenticate/(.*)|/hc/static/(.*)|/SAAS/auth/saml/response|/SAAS/auth/authenticatedUserDispatcher|/web(.*)|/SAAS/apps/|/SAAS/horizon/portal/(.*)|/SAAS/horizon/fonts(.*)|/SAAS/API/1.0/POST/sso(.*)|/SAAS/API/1.0/REST/system/info(.*)|/SAAS/API/1.0/REST/auth/cert(.*)|/SAAS/API/1.0/REST/oauth2/activate(.*)|/SAAS/API/1.0/GET/user/devices/register(.*)|/SAAS/API/1.0/oauth2/token(.)|/SAAS/API/1.0/REST/oauth2/session(.*)|/SAAS/API/1.0/REST/user/resources(.*)|/hc/t/(.* )/(.*)/authenticate(.*)|/SAAS/API/1.0/REST/auth/logout(.*)|/SAAS/auth/saml/response(.*)|/SAAS/(.*)/(.*)auth/login(.*)|/SAAS/API/1.0/GET/apps/launch(.*)|/SAAS/API/1.0/REST/user/applications(.*)|/SAAS/auth/federation/sso(.*)|/SAAS/auth/oauth2/authorize(.*)|/hc/prepareSaml/failure(.*)|/SAAS/auth/oauthtoken(.*)|/SAAS/API/1.0/GET/metadata/idp.xml|/SAAS/auth/saml/artifact/resolve(.*)|/hc/(.*)/authAdapter(.*)|/hc/authenticate/(.*)|/SAAS/auth/logout|/SAAS/common.js|/SAAS/auth/launchInput(.*)|/SAAS/launchUsersApplication.do(.*)|/hc/API/1.0/REST/thinapp/download(.*)|/hc/t/(.*)/(.*)/logout(.*))",
      "authCookie": "HZN",
      "loginRedirectURL": "/SAAS/auth/login?dest=%s"
    },

0 Kudos
pbjork
VMware Employee

Have you configured a new externally available FQDN on vIDM? Do you use split DNS?

0 Kudos
pchapman
Hot Shot

Hi Peter, thanks for the reply.

I found this article you wrote, which I think may explain my problem: Workspace Portal - Trouble Changing the FQDN - Horizon Tech Blog - VMware Blogs

It was hard to find, since the error in the UI says "Error validating Identity Manager URL".  Once I was able to check the logs I found "Error validating workspace URL" which led me to your article. 

I am going to try running through that in a bit and see how far I get.

0 Kudos
pchapman
Hot Shot

Is it possible to get this working with Split DNS? Or do I need to hairpin it out of the network for it to work?  This is just for a test lab environment at this point.

0 Kudos
pbjork
VMware Employee

I would say Split DNS is a requirement. Internally, the FQDN should point to the internal IP of vIDM, and externally the FQDN points to the Access Point external IP.

0 Kudos
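
A pre-flight check for the reverse-proxy settings discussed in this thread, added here as an example (it is not VMware's code and not from any poster): it catches a proxyPattern or unSecurePattern that lost a parenthesis or picked up whitespace when copied from the manual, and flags a proxyDestinationUrl that is an IP literal rather than an FQDN. The `lint` function and the shortened sample config are constructed for illustration, and it assumes Python's `re` module is a close enough stand-in for the appliance's regex engine for these structural checks.

```python
import ipaddress
import json
import re
from urllib.parse import urlsplit

# Constructed sample: field names and values follow the config posted in the
# thread; unSecurePattern is shortened and lacks its leading "(".
SAMPLE = json.loads("""
{
  "identifier": "WEB_REVERSE_PROXY",
  "proxyDestinationUrl": "https://192.168.200.23:443",
  "proxyDestinationUrlThumbprints":
    "sha1=69 27 ad a9 19 a2 24 c9 53 c8 5c 42 3e ef cc ac 15 b2 de 3c",
  "proxyPattern": "(/|/SAAS(.*)|/hc(.*)|/web(.*)|/catalog-portal(.*))",
  "unSecurePattern": "/catalog-portal(.*)|/|/SAAS/|/hc/t/(.* )/(.*)/authenticate(.*))"
}
""")


def lint(cfg):
    """Return (field, problem) findings for one reverse-proxy settings object."""
    findings = []
    for field in ("proxyPattern", "unSecurePattern"):
        pattern = cfg.get(field, "")
        if re.search(r"\s", pattern):
            findings.append((field, "contains whitespace"))
        try:
            # Assumption: Python's re stands in for the appliance's regex engine.
            re.compile(pattern)
        except re.error as exc:
            findings.append((field, f"does not compile: {exc}"))
    host = urlsplit(cfg.get("proxyDestinationUrl", "")).hostname or ""
    try:
        ipaddress.ip_address(host)
        findings.append(("proxyDestinationUrl", "IP literal, not an FQDN"))
    except ValueError:
        pass  # not an IP address, so it is a hostname
    # Assumption: a single SHA-1 thumbprint, written as in the thread.
    thumb = re.sub(r"[ :]", "", cfg.get("proxyDestinationUrlThumbprints", ""))
    if not re.fullmatch(r"sha1=[0-9a-fA-F]{40}", thumb):
        findings.append(("proxyDestinationUrlThumbprints", "not sha1= plus 20 hex bytes"))
    return findings


if __name__ == "__main__":
    for field, problem in lint(SAMPLE):
        print(f"{field}: {problem}")
```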