Did you have to do anything else to get this working properly?  I've tried cert-proxy.vmwareidentity.com:443 and also certproxy.vmwareidentity.com:5262 in the proxy (I am in the US) and I am still getting access denied on the android devices.  Looks like the tunnel application is launching properly

Hi ,

Which certificate you upload in the Workspace one ?

Is it the Tunnel cert?

I used the same cert from the identity manager integration that I used for IOS.  Do I need to change to one of the tunnel certs?

edit: just tried the cert from aw tunnel root with same problem

for my case , I am not using public certificate

I use Airwatch certificate .

And Android is not same as iOS , Android need to import the tunnel certificate which form setting > system > Enterprise Integration > VMware Tunnel > Configuration > Advance > Root Certificate

export the Certificate and upload in to workspace one > Identity & Access Management > Authentication Methods > Mobile SSO (for Android) > Root and intermediate CA certificates

I hope it can help you.

PS : This worksapce one is not easy to get information from internet for configure , and the official document cannot provide enough information for setup.

Thanks, I am also using AirWatch certificates.  I tried with that Cert but am getting the same issue.  Are you using the full AirWatch tunnel with the appliance deployed or did you enter a dummy hostname like they specified in the quick configuration guide?

It is frustrating that the documentation is incomplete and contradictory (for example, the Identity Manager config guide mentions using certproxy.vmwareidentity.com:5262 where the Quick Config guide says to use cert-proxy.vmwareidentity.com:443)

I don't have install or deploy the tunnel server/appliance

and for the hostname i just enter a fake domain in it.

so let me capture some screen and upload for you later.

Thanks,

Here is my current config:

Cloud vIDM Access Policy added for Android Mobile SSO:

Mobile SSO Android Adapter enabled using root cert from the tunnel:

Mobile SSO for Android enabled on built-in auth adapter:

AW Tunnel Config:

Network Traffic Rules: (i also tried with cert-proxy.vmwareidentity.com:443) and also tried adding https:// in front of my destination hostname

Thanks for taking a look!

Thanks for taking the time to reply with all of that info.  I confirmed my setup is the same as yours.  Not sure what is going on .  Gotta try to get ahold of someone at VMware.

Still haven't been able to get this working.  Do you have a profile pushing a user certificate out to android devices?

no user certificate profile.

YIPKC

Still not working with me. this is my log - onpremis

in the log "Connect to 10.160.5.55:5262 [/10.160.5.55] failed: connect timed out"

did you open the firewall port for it?

it have done when i turn on certproxy on IDM and used proxy mode on traffic tunnel but when i use bypass mode, the problem appear. the firewall rule is open for 5262 two-way.

#YIPKC​ can you give me your contact (ex. Skype) to discuss about airwatch, it's ok ?

I don't have skype, sorry

and i am still confuse for integration  with airwatch.

Hi vietnguyen2304,

We have exactly the same problem with SSO Android :

com.vmware.horizon.adapters.certproxy.exceptions.CertProxyClientException: org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://YY.YY.YY.YY:5262/clientData/42781": Connect to XX.XX.XX.XX:5262 [/YY.YY.YY.YY] failed: connect timed out; nested exception is org.apache.http.conn.ConnectTimeoutException: Connect to ZZ.ZZ.ZZ.ZZ:5262 [/WW.WW.WW.WW] failed: connect timed out....

Have you fixed it ?

Thanks

hi jnovelle

What's Your airwatch enviroment? i get the error on Andoird when i config bypass tunnel (on-premises) enviroment ! but when i change from bypass to proxy (IDM on-premises) it's work

We have vIDM on premise and Airwatch on SaaS.

The only difference is that we have the same FQDN for the certproxy (5262 port) and for vIDM access.