Solved: SSO + UAG without Workspace one

scherian1 · ‎08-25-2022

Hi there community,

We are testing out TrueSSO (using Horizon 8, Connection Server, UAG 2207, Enrollment server and Certificate Authority)

Our IDP is Cisco Duo

Our goal is for the users to launch their VDI desktop without having to put in their AD credentials.

1. Is this achievable using UAG and Connection Servers without Workspace One/identity manager?

2. if the answer to 1 is yes.. we are running into the below error when the user tries to launch their desktop via a browser or the Horizon client.

"This Horizon Server expects to get your logon credentials from another application or server, not directly through the client login screen. if you usually access Horizon from another applications ,please launch that application"

--On the connection server under dashboard.. view -->true sso is showing all green no errors.

When users attempt to login - they are able to authenticate with the IDP (push notification) .. but soon after they get the above error. Any suggestions or guidance would be much appreciated.

scherian1 · ‎08-26-2022

Found the issue. the SSO worked for 1 day and then stopped.

I had to regenerate SAML data.. and import it in.

Further i adjusted the timeout period using this article

https://docs.vmware.com/en/VMware-Horizon-7/7.13/horizon-administration/GUID-3E170C23-097F-46D0-82BD...

View solution in original post

scherian1 · ‎08-26-2022

Found the issue. the SSO worked for 1 day and then stopped.

I had to regenerate SAML data.. and import it in.

Further i adjusted the timeout period using this article

https://docs.vmware.com/en/VMware-Horizon-7/7.13/horizon-administration/GUID-3E170C23-097F-46D0-82BD...

Youssefb · ‎01-24-2023

can you elaborate more about this solution? I have similar issue but with Azure. what do you mean by regenerate SAML data and import it in? as far as adjusting the timeout period I think it's optional if everything is working properly already.

Thank you,

All

SSO + UAG without Workspace one