Release date: December 13th 2020
Welcome to my VMware True SSO (single sign-on) series. In this sub-section I will describe how I configured True SSO on my Connection server and on my Workspace One Access server. The first ting I must do is to verify that True SSO is enable in VMware Horizon Administrator GUI. From Settings – Global Settings I verify my enabled SSO setting.
Next I verify the SAML-set up on the Connection server. I select my Connection Server and click “Edit“
From the Authentication tab, I have already configured my Workspace One Access server as a SAML Authenticator, as part of my Workspace One set up, but I click Manage SAML Authenticators.
If I hadn’t already set up my Workspace One Access server as a SAML Authenticator, I would have clicked ADD to set up a new server. Instead I clicked Edit to show my set up below. The important ting to notice below is the use of FQDN. This requires a working DNS-resolution. I my Lab I have set up a “Split Brain DNS setup” in order to resolve the frelab.net hostnames to the actual DMZ-addresses, not the external addresses.
Finally, I Enable True SSO in Workspace One Access
With that my VMware True SSO Lab setup is complete, the only thing that remains is testing this in an actual production environment with Smart Cards and certificates based authentication.
VMware Horizon (2006) documentation: Setting Up True SSO
VMware Workspace ONE and VMware Horizon Reference Architecture
Disclaimer: Every tips/tricks/posting I have published here, is tried and tested in different it-solutions. It is not guaranteed to work everywhere, but is meant as a tip for other users out there. Remember, Google is your friend and don’t be afraid to steal with pride! Feel free to comment below as needed.
bjosoren's IT-Tech blog 