{"id":52626,"date":"2022-05-19T09:00:36","date_gmt":"2022-05-19T07:00:36","guid":{"rendered":"https:\/\/nolabnoparty.com\/?p=52626"},"modified":"2026-04-29T12:25:01","modified_gmt":"2026-04-29T10:25:01","slug":"vmware-horizon-true-sso-configuration-pt-2","status":"publish","type":"post","link":"https:\/\/nolabnoparty.com\/en\/vmware-horizon-true-sso-configuration-pt-2\/","title":{"rendered":"VMware Horizon True SSO configuration - pt.2"},"content":{"rendered":"<p><img decoding=\"async\" class=\"aligncenter wp-image-53012 size-full\" title=\"horizon-saml-true-sso-setup-pt2-01\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/04\/horizon-saml-true-sso-setup-pt2-01.jpg\" alt=\"horizon-saml-true-sso-setup-pt2-01\" width=\"602\" height=\"202\" \/><\/p>\n<p>VMware Horizon True SSO eliminates the <strong>requirement of entering the credentials twice<\/strong>\u00a0while accessing VMware Horizon desktops and published applications.<\/p>\n<p>After installing the Enrollment Servers and configuring the CA accordingly, the <strong>export\/import<\/strong> of the certificate and the <strong>SAML configuration<\/strong> are the next steps to perform.<!--more--><\/p>\n<p>&nbsp;<\/p>\n<h2>Blog series<\/h2>\n<p><a href=\"https:\/\/nolabnoparty.com\/en\/vmware-horizon-true-sso-configuration-pt-1\/\">VMware Horizon True SSO configuration - pt.1<\/a><br \/>\nVMware Horizon True SSO configuration - pt.2<br \/>\n<a href=\"https:\/\/nolabnoparty.com\/en\/vmware-horizon-true-sso-configuration-pt-3\/\">VMware Horizon True SSO configuration - pt.3<\/a><\/p>\n<p>&nbsp;<\/p>\n<h2>Export the Enrollment Service Client Certificate<\/h2>\n<p>From a Connection Server, <strong>open the Certificate console<\/strong> by running the <strong>certlm.msc<\/strong> command.<\/p>\n<p>Expand <strong>VMware Horizon View Certificates<\/strong> and select <strong>Certificates<\/strong>. 
In the list, find the certificate with the <strong>Friendly Name vdm.ec<\/strong>\u00a0(all Connection Servers have the same certificate). Right-click the certificate and select\u00a0<strong>All Tasks &gt; Export<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-53014\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/04\/horizon-saml-true-sso-setup-pt2-02-600x303.jpg\" alt=\"\" width=\"600\" height=\"303\" title=\"\"><\/p>\n<p>Click <strong>Next<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-53016\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/04\/horizon-saml-true-sso-setup-pt2-03.jpg\" alt=\"\" width=\"535\" height=\"523\" title=\"\"><\/p>\n<p>Select <strong>No, do not export the private key<\/strong>, then click <strong>Next<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-53018\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/04\/horizon-saml-true-sso-setup-pt2-04.jpg\" alt=\"\" width=\"535\" height=\"523\" title=\"\"><\/p>\n<p>Select the <strong>DER encoded binary X.509 (.CER)<\/strong> format and click <strong>Next<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-53020\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/04\/horizon-saml-true-sso-setup-pt2-05.jpg\" alt=\"\" width=\"535\" height=\"523\" title=\"\"><\/p>\n<p>Enter a <strong>File Name<\/strong> for the certificate to export and click <strong>Next<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-53022\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/04\/horizon-saml-true-sso-setup-pt2-06.jpg\" alt=\"\" width=\"535\" height=\"523\" title=\"\"><\/p>\n<p>Click <strong>Finish<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-53024\" 
src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/04\/horizon-saml-true-sso-setup-pt2-07.jpg\" alt=\"\" width=\"535\" height=\"523\" title=\"\"><\/p>\n<p>Click <strong>OK<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-53026\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/04\/horizon-saml-true-sso-setup-pt2-08.jpg\" alt=\"\" width=\"191\" height=\"148\" title=\"\"><\/p>\n<p>Copy the exported certificate to the Enrollment Server.<\/p>\n<p>&nbsp;<\/p>\n<h2>Import the certificate to the Enrollment Server<\/h2>\n<p>On the Enrollment Server, <strong>open the Certificates console<\/strong> with <strong>certlm.msc<\/strong>.<\/p>\n<p>Right-click <strong>VMware Horizon View Enrollment Server Trusted Roots<\/strong> and select <strong>All Tasks &gt; Import<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-53028\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/04\/horizon-saml-true-sso-setup-pt2-09-600x490.jpg\" alt=\"\" width=\"600\" height=\"490\" title=\"\"><\/p>\n<p>Click <strong>Next<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-53030\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/04\/horizon-saml-true-sso-setup-pt2-10.jpg\" alt=\"\" width=\"535\" height=\"523\" title=\"\"><\/p>\n<p>Click <strong>Browse<\/strong> to select the certificate file previously exported from the Connection Server and click <strong>Next<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-53032\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/04\/horizon-saml-true-sso-setup-pt2-11.jpg\" alt=\"\" width=\"535\" height=\"523\" title=\"\"><\/p>\n<p>Select the <strong>Place all certificates in the following store<\/strong> option and select <strong>VMware Horizon View Enrollment Server Trusted Roots<\/strong>. 
Click <strong>Next<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-53034\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/04\/horizon-saml-true-sso-setup-pt2-12.jpg\" alt=\"\" width=\"535\" height=\"523\" title=\"\"><\/p>\n<p>Click <strong>Finish<\/strong> to import the certificate.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-53036\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/04\/horizon-saml-true-sso-setup-pt2-13.jpg\" alt=\"\" width=\"535\" height=\"523\" title=\"\"><\/p>\n<p>The certificate has been imported successfully. Click <strong>OK<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-53038\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/04\/horizon-saml-true-sso-setup-pt2-14.jpg\" alt=\"\" width=\"247\" height=\"165\" title=\"\"><\/p>\n<p>The imported certificate.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-53040\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/04\/horizon-saml-true-sso-setup-pt2-15-600x248.jpg\" alt=\"\" width=\"600\" height=\"248\" title=\"\"><\/p>\n<p>&nbsp;<\/p>\n<h2>Configure SAML authentication for Horizon True SSO<\/h2>\n<p>To take advantage of True SSO, you need to\u00a0<strong>create an application<\/strong> in your Azure environment first.<\/p>\n<p>Follow\u00a0<a href=\"https:\/\/nolabnoparty.com\/en\/vmware-uag-configure-azure-mfa-saml\/\">this procedure<\/a> to create the appropriate application in Azure for the <a href=\"https:\/\/nolabnoparty.com\/en\/vmware-uag-dns-resolution-issue\/\">Unified Access Gateway<\/a>.<\/p>\n<p>&nbsp;<\/p>\n<h4>Download the <strong>Federation Metadata XML from the\u00a0Identity Provider<\/strong><\/h4>\n<p>Log in to the <a href=\"https:\/\/portal.azure.com\" target=\"_blank\" rel=\"noopener\">Azure portal<\/a> and go to <strong>Azure Active Directory &gt; Enterprise applications<\/strong>.<\/p>\n<p><img 
decoding=\"async\" class=\"aligncenter size-large wp-image-53042\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/04\/horizon-saml-true-sso-setup-pt2-16-600x247.jpg\" alt=\"\" width=\"600\" height=\"247\" title=\"\"><\/p>\n<p>From the <strong>All applications<\/strong> area, click the <strong>application link name<\/strong> created for UAG.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-53044\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/04\/horizon-saml-true-sso-setup-pt2-17-600x472.jpg\" alt=\"\" width=\"600\" height=\"472\" title=\"\"><\/p>\n<p>Go to the <strong>Single sign-on<\/strong> area and find the <strong>SAML Signing Certificate<\/strong> section. In the <strong>Federation Metadata XML<\/strong> field, click the corresponding <strong>Download<\/strong> link.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-53046\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/04\/horizon-saml-true-sso-setup-pt2-18-600x267.jpg\" alt=\"\" width=\"600\" height=\"267\" title=\"\"><\/p>\n<p>Save the file anywhere on your computer. 
Click <strong>OK<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-53048\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/04\/horizon-saml-true-sso-setup-pt2-19.jpg\" alt=\"\" width=\"434\" height=\"343\" title=\"\"><\/p>\n<p>&nbsp;<\/p>\n<h4>Configure the UAG<\/h4>\n<p>Access the UAG login page, enter the credentials and click <strong>Login<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-53050\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/04\/horizon-saml-true-sso-setup-pt2-20.jpg\" alt=\"\" width=\"450\" height=\"500\" title=\"\"><\/p>\n<p>Click <strong>Select<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-53052\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/04\/horizon-saml-true-sso-setup-pt2-21-600x327.jpg\" alt=\"\" width=\"600\" height=\"327\" title=\"\"><\/p>\n<p>Under <strong>Identity Bridging Settings<\/strong>, select the <strong>gear icon<\/strong> next to the <strong>Upload Identity Provider Metadata<\/strong> option.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-53054\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/04\/horizon-saml-true-sso-setup-pt2-22-600x211.jpg\" alt=\"\" width=\"600\" height=\"211\" title=\"\"><\/p>\n<p>Click the <strong>Select<\/strong> link next to <strong>IDP Metadata<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-53056\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/04\/horizon-saml-true-sso-setup-pt2-23-600x221.jpg\" alt=\"\" width=\"600\" height=\"221\" title=\"\"><\/p>\n<p>Select the previously downloaded <strong>Federation Metadata XML<\/strong> file and click <strong>Save<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-53058\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/04\/horizon-saml-true-sso-setup-pt2-24-600x221.jpg\" alt=\"\" 
width=\"600\" height=\"221\" title=\"\"><\/p>\n<p>Under <strong>General Settings<\/strong>, enable the <strong>Edge Service Settings<\/strong> selector and click the <strong>gear icon<\/strong> next to <strong>Horizon Settings<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-53060\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/04\/horizon-saml-true-sso-setup-pt2-25-600x334.jpg\" alt=\"\" width=\"600\" height=\"334\" title=\"\"><\/p>\n<p>At the bottom of the window, click <strong>More<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-53062\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/04\/horizon-saml-true-sso-setup-pt2-26-600x555.jpg\" alt=\"\" width=\"600\" height=\"555\" title=\"\"><\/p>\n<p>From the <strong>Auth Methods<\/strong> drop-down menu, select <strong>SAML<\/strong>.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-53064\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/04\/horizon-saml-true-sso-setup-pt2-27-600x339.jpg\" alt=\"\" width=\"600\" height=\"339\" title=\"\"><\/p>\n<p>Select the value from the <strong>Identity Provider<\/strong> drop-down menu (<strong>https:\/\/sts.windows.net<\/strong> in the example)\u00a0and click <strong>Save<\/strong> at the bottom to save the configuration.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-large wp-image-53066\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/2022\/04\/horizon-saml-true-sso-setup-pt2-28-600x495.jpg\" alt=\"\" width=\"600\" height=\"495\" title=\"\"><\/p>\n<p>The SAML authentication is now configured in the UAG. 
Repeat the same procedure for the <strong>second UAG<\/strong>.<\/p>\n<p><a href=\"https:\/\/nolabnoparty.com\/en\/vmware-horizon-true-sso-configuration-pt-3\/\">Part 3<\/a> will cover the <strong>configuration of the True SSO<\/strong> in the Connection Server and the <strong>test to check<\/strong> that True SSO works as expected.<\/p>\n<p><img decoding=\"async\" title=\"signature\" src=\"https:\/\/nolabnoparty.com\/wp-content\/uploads\/images\/firma.jpg\" alt=\"signature\" \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>VMware Horizon True SSO eliminates the requirement of entering the credentials twice\u00a0while accessing VMware Horizon desktops and published applications. After installing the Enrollment Servers and configuring the CA accordingly, the export\/import of the certificate and the SAML configuration are the next steps to perform.<\/p>\n","protected":false},"author":3,"featured_media":53012,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rop_custom_images_group":[],"rop_custom_messages_group":[],"rop_publish_now":"initial","rop_publish_now_accounts":{"linkedin_93tdZWzMZc_93tdZWzMZc":"","facebook_2879994398731222_17841400390232720":"","twitter_113568041_113568041":"","mastodon_115463926174894442_115463926174894442":""},"rop_publish_now_history":[],"rop_publish_now_status":"pending","footnotes":""},"categories":[1025,2905],"tags":[688,1711,2448,2447],"class_list":["post-52626","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-horizon-en","category-omnissa-en","tag-active-directory-en","tag-horizon","tag-saml","tag-true-sso","has_thumb"],"_links":{"self":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts\/52626","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true
,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/comments?post=52626"}],"version-history":[{"count":0,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/posts\/52626\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/media\/53012"}],"wp:attachment":[{"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/media?parent=52626"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/categories?post=52626"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nolabnoparty.com\/en\/wp-json\/wp\/v2\/tags?post=52626"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}