VMware Workspace ONE Community
lnn04
Contributor

SAML authentication with View


I have a strange issue with connecting to View desktops (with View Client or browser) from Horizon Workspace. I cannot use my AD account to gain access. I am able to use my account to log in to the View desktop directly from the client. I just can't get to it when going through Workspace. However, I am able to have the View desktop working with Workspace when I use a test AD account. The View log has this error:

2013-09-24T10:30:41.214-07:00 ERROR (0E5C-02F0) <TP-Processor8> [SamlUtil] (SESSION:dfb7_***_c424) Replay attack: Artifact 000400005a00e8c98be546c7b13ee6938cbc8a42be2d3bcd33a5c9cb356843e6a98bcf28ffdc985c91465942 has already been seen.

2013-09-24T10:30:41.215-07:00 ERROR (0E5C-02F0) <TP-Processor8> [SamlAuthFilter] (SESSION:dfb7_***_c424) Problem determining UPN from SAML Auth: Replay attack: Artifact 000400005a00e8c98be546c7b13ee6938cbc8a42be2d3bcd33a5c9cb356843e6a98bcf28ffdc985c91465942 has already been seen.

2013-09-24T10:30:41.216-07:00 ERROR (0E5C-02F0) <TP-Processor8> [ProperoAuthFilter] (SESSION:dfb7_***_c424) Error performing authentication: SAML auth attempt but no valid UPN supplied by artifact/assertion

4 Replies
admin
Immortal

1) What version is this? 1.5?

2) Did you make userPrincipalName as required in the user attributes page on the connector page when provisioning users?

3) In any case, can you check the time synchronization on ALL your environment? (AD, VAs in Workspace, etc.)

zakkkeri
Contributor

I have exactly the same problem with Workspace 1.5.

Time synchronization is within 1 sec.

Mohamed_Hamad
Enthusiast

Did you enable SAML authentication on all of your Connection Servers to point to the gateway-va?

Mohamed Hamad
tMaize
Contributor

Time sync resolved my issue; I ran the following command on my connection servers and security server.

net time \\<DC_NAME_OR_IP> /set /y

Similar log entries:

[EventLogger] (SESSION:4427_***_7b8e) Error_Event:[BROKER_USER_AUTHFAILED_SAML_ACCESS_DENIED] "SAML access denied because of invalid assertion/artifact": Source=com.vmware.vdi.broker.filters.SamlAuthFilter, Time=Thu Dec 04 07:14:53 MST 2014, Severity=AUDIT_FAIL, Node=CS_Server.domain, Module=Broker, Acknowledged=true

ERROR (1028-1AB8) <TP-Processor21> [ProperoAuthFilter] (SESSION:4427_***_7b8e) Error performing authentication: SAML auth attempt but no valid UPN supplied by artifact/asertion

0 Kudos
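A triage sketch for the broker log lines quoted in this thread, added here as an example and not part of any poster's reply or of VMware's tooling: it groups "Replay attack" rejections by artifact and session and lists the sessions whose login then failed for lack of a UPN. The sample log is constructed (artifact and session values are placeholders), and reporting an artifact rejected in more than one session separately is an assumed heuristic.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the View log lines quoted in this thread.
# Artifact and session values are placeholders, not real data.
SAMPLE_LOG = """\
2013-09-24T10:30:41.214-07:00 ERROR (0E5C-02F0) <TP-Processor8> [SamlUtil] (SESSION:aaaa_***_0001) Replay attack: Artifact 0004AAAA has already been seen.
2013-09-24T10:30:41.215-07:00 ERROR (0E5C-02F0) <TP-Processor8> [SamlAuthFilter] (SESSION:aaaa_***_0001) Problem determining UPN from SAML Auth: Replay attack: Artifact 0004AAAA has already been seen.
2013-09-24T10:30:41.216-07:00 ERROR (0E5C-02F0) <TP-Processor8> [ProperoAuthFilter] (SESSION:aaaa_***_0001) Error performing authentication: SAML auth attempt but no valid UPN supplied by artifact/assertion
2013-09-24T10:42:07.101-07:00 ERROR (0E5C-0301) <TP-Processor3> [SamlUtil] (SESSION:bbbb_***_0002) Replay attack: Artifact 0004AAAA has already been seen.
2013-09-24T10:45:00.000-07:00 ERROR (0E5C-0301) <TP-Processor3> [SamlUtil] (SESSION:cccc_***_0003) Replay attack: Artifact 0004BBBB has already been seen.
"""

# Timestamp is optional because some quoted lines in the thread omit it.
LINE = re.compile(
    r"^(?:(?P<ts>\S+) )?(?P<level>[A-Z]+) \([0-9A-F-]+\) <[^>]+> "
    r"\[(?P<component>\w+)\] \(SESSION:(?P<session>[^)]+)\) (?P<msg>.*)$")
REPLAY = re.compile(
    r"Replay attack: Artifact (?P<artifact>[0-9A-Fa-f]+) has already been seen")
NO_UPN = "no valid UPN supplied"


def triage(log_text):
    """Return ({artifact: sorted sessions that had it rejected},
    set of sessions whose authentication failed with no valid UPN)."""
    by_artifact = defaultdict(set)
    failed_sessions = set()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a log line in the expected layout
        replay = REPLAY.search(m["msg"])
        if replay:
            # SamlUtil and SamlAuthFilter both report the same rejection;
            # the set keeps one entry per (artifact, session).
            by_artifact[replay["artifact"]].add(m["session"])
        elif NO_UPN in m["msg"]:
            failed_sessions.add(m["session"])
    return {a: sorted(s) for a, s in by_artifact.items()}, failed_sessions


def cross_session(by_artifact):
    """Artifacts rejected in more than one session (assumed heuristic)."""
    return sorted(a for a, s in by_artifact.items() if len(s) > 1)


if __name__ == "__main__":
    artifacts, failed = triage(SAMPLE_LOG)
    print(artifacts, failed, cross_session(artifacts))
```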