VMware Horizon Community
mchadwick19
Hot Shot

Set up UAG with Smart Card auth without vIDM/WS1

Has anyone had any luck configuring a UAG to do smart card authentication to log into Horizon desktops?

Following the docs, we are in a state now where we are able to log into the UAG with our cards and it is accepted, but it cannot communicate with the Horizon Connection Server to perform the login. We have exchanged SAML metadata between the two systems (UAG + CS) but it is still failing; we get an error "apiauth.APIAuthResource: Error reading saved metadata xml" on the UAG, which sounds like it cannot read the metadata that we copied to the UAG.

We have followed this VMware Knowledge Base article to "refresh" the metadata and encryption certs for SAML communication but we are still having some trouble.

Has anyone in the community configured smart card authentication through just a UAG? We are not trying to set up True SSO or Workspace ONE/vIDM to complicate the infrastructure.

VDI Engineer VCP-DCV, VCP7-DTM, VCAP7-DTM Design
2 Replies
sandhog
VMware Employee

With DoD smart card? Yes, there is a way to do it, but you have to use the non-FIPS version of UAG.

pharoahtaz
Contributor

@sandhog I know it's been more than a year but can you elaborate on that a bit? Is the FIPS version not working with DoD smart cards? I'm having sporadic issues with connecting to the UAG using a smart card. When I am able to authenticate and select a desktop pool, I get a connection error and I have to retry multiple times before I am able to get a desktop. Then there is a long delay before the desktop logs in. Any ideas what this could be?
