Azure MFA, UAG, Horizon and TRUE SSO – Step 5

February 28, 2021March 4, 2021 fabio1975Azure AD, Horizon, MFA, Multifactor, SSO, TRUESSO, TruSSO, UAG, Unified Access GatewayLeave a comment

Import XML on Horizon Connection Servers and configure it

Now we import the XML content in to all Horizon Connection Server, for all server on

Select Edit and after authentication

Select in delegation of authentication ….. the value ALLOWED open

and a new authenticator

Static

Name type Azure

And copy the content of XML file on the SAML Metadata

Enable truesso for Horizon Authentication method

On a Connection server enable the TRUESSO for a Authentication Method

vdmUtil –authAs admin-role-user –authDomain domain-name –authPassword admin-user-password –truesso –authenticator –edit –name authenticator-fqdn –truessoMode {ENABLED|ALWAYS}

vdmUtil –authAs administrator –authDomain pollaio –authPassword 121212121 –truesso –authenticator –edit –name azure –truessoMode ENABLED

And now the configuration is done.

Thank You

Fabio Storni fabio1975@gmail.com

REFERENCE

Tutorial: Azure Active Directory single sign-on (SSO) integration with VMware Horizon – Unified Access Gateway | Microsoft Docs

Setting Up True SSO (vmware.com)

Azure MFA, UAG, Horizon and TRUE SSO – Step 4

February 28, 2021March 4, 2021 fabio1975Azure AD, Horizon, MFA, Multifactor, SSO, TRUESSO, TruSSO, UAG, Unified Access GatewayLeave a comment

Configure a enterprise application on Azure AD, configure it and export XML

Insert:

Identifier -> https://<public-FQDN-UAG>/portal

Reply URL -> https://<public-FQDN-UAG>/portal/samlsso

Sign on URL -> https://<public-FQDN-UAG>/portal/samlsso

Download the XML

Assign Users or Groups permission to Enterprise application

Import XML on UAG and configure it

Import Identity Provider Metadata, select the file XML downloaded from the Enterprise Application data

Select the identity provider

Select More Option

And select SAML e the correct Identity provider (with SAML+PASSTROUGHT the identity token will not passed to horizon Server and it will required a new autentication)

Azure MFA, UAG, Horizon and TRUE SSO – Step 3

February 28, 2021March 4, 2021 fabio1975Azure AD, Horizon, MFA, Multifactor, SSO, TRUESSO, TruSSO, UAGLeave a comment

Export Horizon Enrollment Certificate from Horizon installation and install it in to Enrollment Horizon Server

Connect to Horizon Server and export the Horizon View Certificate (The certificate with vdm.ec friendly name)

Now we import the enrollment certificate in to Horizon Enrollment server, we need import in to Certificate Computer store and add the friwndly name vdm.ec

Configure TrueSSO on Horizon Connection Server

Configure Enrollement server

vdmUtil –authAs admin-role-user –authDomain domain-name –authPassword admin-user-password –truesso –environment –add –enrollmentServer enroll-server-fqdn

vdmUtil –authAs administrator –authDomain pollaio –authPassword qwerty1234567890! –truesso –environment –add –enrollmentServer Enroll.pollaio.lan

Verifica le informazioni

vdmUtil –authAs admin-role-user –authDomain domain-name –authPassword admin-user-password –truesso –environment –list –enrollmentServer enroll-server-fqdn –domain domain-fqdn

vdmUtil –authAs administrator –authDomain pollaio –authPassword qwerty1234567890! –truesso –environment –list –enrollmentServer Enroll.pollaio.lan –domain pollaio.lan

Creare la connessione per il true sso

vdmUtil –authAs admin-role-user –authDomain domain-name –authPassword admin-user-password –truesso –create –connector –domain domain-fqdn –template TrueSSO-template-name –primaryEnrollmentServer enroll-server-fqdn –certificateServer ca-common-name –mode enabled

vdmUtil –authAs administrator –authDomain pollaio –authPassword qwerty1234567890! –truesso –create –connector –domain pollaio.lan –template TRUESSOHORIZON –primaryEnrollmentServer enroll.pollaio.lan –certificateServer pollaio-NPSSRV-CA –mode enabled

Verify from the Horizon Connection server dashboard thee TrueSSO status, if it is all green the trueSSO is Ready

Integrazione VMware Unified Access Gateway con autenticazione Azure MFA

November 21, 2020February 27, 2021 fabioAzure, ESXi, Horizon, MFA, UAG, Unifed Access GatewayLeave a comment

Per procedere all’integrazione con Azure MFA è necessario eseguire delle configurazioni su Azure Active Directory (non entrerò nel dettaglio di queste configurazioni) ma per procedere nell’abilitazione dell’autenticazione a più fattori sull’UAG è necessario accedere all’Enterprise Application creata e scarica il file XML con i metadata. Inoltre verificare che nella Basic SAML Configuration ci siano i riferimenti alla mia infrastruttura UAG pubblica.

Scarico il file XML con i metadata da utilizzare per configurare l’UAG

Importo il file XML nella infrastruttura UAG nelle configurazioni manuali in Identity Bridging Settings

Importo il file XML contenente i metadata selezionado Select

Una volta caricato sull’UAG il file XML con i metadata vado negli edge service settings ed entro nei nelle configurazioni

E configuro l’Auth Methods e l’identity Provider (che mi compare in automatico dopo aver caricato il file XML)

A questo punto posso procedere ad accedere e testare l’accesso con MFA.

BIOLNX

vmvirtual.blog

MFA

Azure MFA, UAG, Horizon and TRUE SSO – Step 5

Azure MFA, UAG, Horizon and TRUE SSO – Step 4

Azure MFA, UAG, Horizon and TRUE SSO – Step 3

Integrazione VMware Unified Access Gateway con autenticazione Azure MFA