Before we begin
There are a few prerequisites that must be in place before proceeding:
- Horizon View 5.2 or 5.3
- View must have been deployed using the default 443 port
- Make sure the View Pools are created with administrator permissions on the root folder in View
- Reverse DNS/IP lookup for all View Connection Servers
- Entitled View users must be synced to Workspace (Configurator > Directory)
- Make sure the UPN is set to Required in your Connector's User Attributes
Once the prereqs have been met, you'll need to first join the connector-va to the same domain as the View Connection Server.
1. Connect to https://:8443
2. Click Join Domain
3. Enter your domain and credentials
Now you can click on View Pools to enable View.
1. Enter your Connection Server's FQDN
2. Accept the thumbprint by clicking on red text under SSL Cert.
3. Click on "SAML Auth enabled" to be redirected to your Connection Server.
On your Connection Server
1. View Configuration > Servers > Connection Servers
2. Edit your Connection Server > Authentication
3. Set the dropdown box to Allowed for Delegation of authentication to VMware Horizon
4. Click Manage Authenticators
5. Click Add
6. Enter whatever you want for your Label
7. In the Metadata URL replace with your gateway-va IP or FQDN (or load balancer if applicable). It should read something like this
https://gateway-va.domain.com/SAAS/API/1.0/GET/metadata/idp.xml
You can leave the Administration URL blank.
You should now see SAML 2.0 Authenticators showing as green back on your View Dashboard. If it is not green, try clicking it and accepting the thumbprint. If there are still issues, go back and ensure you entered your Metadata URL properly.
Back on your Connector's View Pools page, make sure you click Save and Sync your info
And that's it! You should now be able to have your users log into https:///web and they'll now have a View Desktops tab showing their accessible desktops. These desktops can be launched via the web browser using HTML5 (if utilizing BLAST in View) or via the View Client if they have it installed on their Client (right click the desktop for launch options.)
If you'd like more information on this, check out the whitepaper on View Integration.
Good luck!
[Update]
If you're now running Workspace Portal 2.1 and find yourself having issues syncing your Horizon View Pools with errors similar to "Failed to sync due to a problem with the Connection Server" or "Authentication to the Connection Server failed" then try adding and configuring the domain_krb.properties and krb5.conf file per the Workspace Portal 2.1 Release Notes in the Known Issues section.
[Update]
If you're now running Workspace Portal 2.1 and find yourself having issues syncing your Horizon View Pools with errors similar to "Failed to sync due to a problem with the Connection Server" or "Authentication to the Connection Server failed" then try adding and configuring the domain_krb.properties and krb5.conf file per the Workspace Portal 2.1 Release Notes in the Known Issues section.
0 comments:
Post a Comment