You can configure Web Reverse Proxy service to use Access Point with VMware Identity Manager.


Requirements for Access Point deployment with VMware Identity manager.

  • Split DNS
  • VMware Identity Manager service must have fully qualified domain name (FQDN) as hostname.
  • Access Point must use internal DNS. This means that the proxyDestination URL must use FQDN.


  1. In the admin UI Configure Manually section, click Select.
  2. In the General Settings > Edge Service Settings line, click Show.
  3. Click the Reverse Proxy Settings gearbox icon.
  4. In the Reverse Proxy Settings page, change NO to YES to enable reverse proxy.
  5. Configure the following edge service settings resources for Horizon.
    Option Description
    Identifier The edge service identifier is set to WEB_REVERSE_PROXY.
    Proxy Destination URL Enter the address of the VMware Identity Manager server. For example, enter as
    Proxy Destination URL Thumbprints Enter a list of acceptable SSL server certificate thumbprints for the proxyDestination URL. If you include the wildcard *, any certificate is allowed. A thumbprint is in the format [alg=]xx:xx, where alg can be sha1, the default or md5. The 'xx' are hexadecimal digits. For example, sha=C3 89 A2 19 DC 7A 48 2B 85 1C 81 EC 5E 8F 6A 3C 33 F2 95 C3

    If you do not configure the thumbprints, the server certificates must be issued by a trusted CA.

    Proxy Pattern Enter the matching URI paths that forward to the destination URL. For example, enter as (/|/SAAS(.*)|/hc(.*)|/web(.*)|/catalog-portal(.*)).
  6. To configure other advanced settings, click More.
    Option Description
    Auth Methods

    The default is to use pass-through authentication of the user name and password. The authentication methods you configured in Access Point are listed in the drop-down menus. The authentication methods you configured in Access Point are listed in the drop-down menu.

    Health Check URL If a load balancer is configured, enter the URL that the load balancer uses to connect and check the health of the Access Point appliance.

    Enter the name of the SAML service provider for the View XML API broker. This name must either match the name of a configured service provider metadata or be the special value DEMO.

    Activation Code Enter the code generated by VMware Identity Manager service and imported into Access Point to set up trust between VMware Identity Manager and Access Point.
    External URL The default value is the Access Point host URL, port 443. You can enter another external URL. Enter as https://<host:port>.
  7. Click Save.