VMware Workspace ONE Community
dthacker82
Contributor

UAG 3.1.1 as reverse proxy + SAML pass-through

OK, I've been through VMware's docs backwards and forwards for the deployment of UAG as a reverse-proxy for VIDM, and I cannot get SAML pass-through authentication to work. If I turn it off, I get redirected to the Workspace login screen, put in my credentials, and get redirected to a SAML authentication page, which of course isn't parsed correctly. If I follow all of the steps in the VMware instructions for identity bridging, everything works properly, all lights are green in the UAG config, but I'm never prompted for any kind of credentials -- it just sits there indefinitely. Is it supposed to allow you to connect to Workspace and browse the catalog, AND redirect the SAML requests properly too, or just parse SAML requests that it receives? This is 100% on-prem, no cloud involvement. The deployment doc looks to be straightforward, but it just doesn't work.

I haven't configured the AirWatch module yet, because I'd rather not get that in-depth in the POC stage.

pbjork
VMware Employee

Hi. What do you mean by SAML passthrough? UAG in front of vIDM is just a reverse proxy. UAG cannot perform any authentication and then pass it on to vIDM.

dthacker82
Contributor

I finally sorted it all out, just didn't update my original post.

You are definitely correct, UAG can act as a SAML SP and pass through SAML requests to VIDM, but in RP mode, it doesn't do any of the authentication. I had a misconfiguration on my end.
