SAML

Configure Proxy Server for Horizon for SAML integration

fabio1975, , , , , , , , , Leave a comment

When we need to integrate a Horizon infrastructure to the cloud identity provider (like Workspace One Access SaaS solution) sometimes we need to manage firewall and proxy configuration.

For the Firewall rule, there is much information (KB link) while for the proxy server, we are not able to use Windows server configuration because Horizon ignores it.

To use a proxy server to permit communication to the IdP URL from Horizon Connection servers we need to configure some values on ADAM DB:

pae-SAMLProxyName

pae-SAMLProxyPort

To connect to ADAM DB and where modify the correct value

  • Connect with RDP session to Connection Server OS
  • Start from PowerShell adsedit

A close-up of a computer screen Description automatically generated

  • In the console tree select Connect to..

A screenshot of a computer Description automatically generated

  • Configure the connection with this information.

dc=vdi,dc=vmware,dc=int

localhost:389

A screenshot of a computer Description automatically generated

  • Expand ADAM ADSI tree under the object path: dc=vdi,dc=vmware,dc=int,ou=Properties,ou=Global
  • Click on value Common and modify the following value

pae-SAMLProxyName -> With Proxy URL

pae-SAMLProxyPort -> With Proxy Port

Now we can configure the SAML integration from Horizon and IdP

Some information about why we need to integrate and use Workspace One Access with Horizon:

Integration between VMware Horizon and VMware Workspace ONE Access (formerly called Workspace ONE) uses the SAML 2.0 standard to establish mutual trust, which is essential for single sign-on (SSO) functionality. When SSO is enabled, users who log in to VMware Workspace ONE Access or Workspace ONE with Active Directory credentials can launch remote desktops and applications without having to go through a second login procedure.

Configure Proxy Server for Horizon for SAML integration

VMware Horizon 2106

fabio1975, , , , , , , , , , , , Leave a comment

VMware a few days ago released a new Horizon Version.
The new build 2106 (8.3) brings with it some very interesting features from some relating to the security of intellectual property to those related to the Teams collaboration tool, here is a list of those that I consider the most interesting:

  • Implementation of GPO for blocking the ability to take screenshots of VDI sessions from Windows and MAC Clients
  • Possibility in the instant clone to use the Microsoft Sysprep (this function slows down the deployment of an IC by performing a series of reboots)
  • Functionality for applications of run indefinitely
  • Possibility to use TrueSSO SAML authentication for non-Trust domains
  • Horizon Agent has support for Windows Server 2022 (Currently in Preview)
  • The Horizon Client for Linux has the optimization for Teams (as in some versions the functionality for the Windows client was present)
  • Cloud Burst support to extend your on-prem workload to the Cloud in case of a high load.

More details in this video

VMware Horizon 8 (2106) What’s New – YouTube

VMware Horizon 2106