You can configure the Web Reverse Proxy service to use Access Point with VMware Identity Manager.

Prerequisites

An Access Point deployment with VMware Identity Manager has the following requirements.

  • Split DNS

  • VMware Identity Manager service must have a fully qualified domain name (FQDN) as its hostname.

  • Access Point must use internal DNS. This means that the proxyDestination URL must use an FQDN.

Procedure

  1. In the admin UI Configure Manually section, click Select.
  2. In the General Settings > Edge Service Settings line, click Show.
  3. Click the Reverse Proxy Settings gearbox icon.
  4. In the Reverse Proxy Settings page, change NO to YES to enable reverse proxy.
  5. Configure the following edge service settings resources for Horizon.

    Option

    Description

    Identifier

    The edge service identifier is set to WEB_REVERSE_PROXY.

    Proxy Destination URL

    Enter the address of the VMware Identity Manager server. For example, enter https://vmwareidentitymgr.example.com.

    Proxy Destination URL Thumbprints

    Enter a comma-separated list of acceptable SSL server certificate thumbprints for the proxyDestination URL. If you include the wildcard *, any certificate is allowed. A thumbprint is in the format [alg=]xx:xx, where alg can be sha1 (the default) or md5, and each xx is a pair of hexadecimal digits separated by colons. For example, sha1=C3:89:A2:19:DC:7A:48:2B:85:1C:81:EC:5E:8F:6A:3C:33:F2:95:C3

    If you do not configure the thumbprints, the server certificates must be issued by a trusted CA.

    Proxy Pattern

    Enter the matching URI paths that forward to the destination URL. For example, enter (/|/SAAS(.*)|/hc(.*)|/web(.*)|/catalog-portal(.*)).

  6. To configure other advanced settings, click More.

    Option

    Description

    Auth Methods

    The default is to use pass-through authentication of the user name and password. The authentication methods you configured in Access Point are listed in the drop-down menu.

    Health Check URL

    If a load balancer is configured, enter the URL that the load balancer uses to connect and check the health of the Access Point appliance.

    SAML SP

    Enter the name of the SAML service provider for the WRONG WRONG WRONG tip

    Activation Code

    Enter the code generated by VMware Identity Manager service and imported into Access Point to set up trust between VMware Identity Manager and Access Point.

    External URL

     
  7. Click Save.
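
The following Python sketch is an added example, not VMware code. It checks a Proxy Destination URL Thumbprints value against the format described in step 5 before you paste it into the admin UI: it flags the wildcard, rejects malformed entries, and compares the list with a certificate's digest. The function names, the strict colon-only parsing, and the use of a digest over the DER-encoded certificate are assumptions of this example; the certificate bytes are a constructed stand-in.

```python
import hashlib
import re

# Algorithms the page names for the [alg=] prefix, with digest length in hex digits.
HEX_LEN = {"sha1": 40, "md5": 32}
HEX_PAIRS = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})*")


def parse_thumbprints(field):
    """Split the comma-separated field into ([(alg, hex)], [warnings])."""
    pins, warnings = [], []
    for item in (part.strip() for part in field.split(",")):
        if not item:
            continue
        if item == "*":
            warnings.append("wildcard '*': any certificate is accepted")
            continue
        alg, sep, digits = item.rpartition("=")
        alg = alg.lower() if sep else "sha1"  # sha1 is the stated default
        hexstr = digits.replace(":", "").lower()
        if alg not in HEX_LEN:
            warnings.append(f"{item!r}: algorithm is not sha1 or md5")
        elif not HEX_PAIRS.fullmatch(digits) or len(hexstr) != HEX_LEN[alg]:
            warnings.append(f"{item!r}: not {HEX_LEN[alg] // 2} colon-separated hex bytes")
        else:
            pins.append((alg, hexstr))
    return pins, warnings


def thumbprint(der_cert, alg="sha1"):
    """Format the digest of a DER-encoded certificate as alg=XX:XX:..."""
    digest = hashlib.new(alg, der_cert).hexdigest().upper()
    return alg + "=" + ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def is_pinned(der_cert, field):
    """True if the certificate's digest matches one listed thumbprint."""
    pins, _ = parse_thumbprints(field)
    return any(hashlib.new(a, der_cert).hexdigest() == h for a, h in pins)


# Constructed stand-in for certificate bytes; for a live server use
# ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, 443))).
SAMPLE_DER = b"constructed bytes standing in for a DER certificate"
PAGE_EXAMPLE = "C3:89:A2:19:DC:7A:48:2B:85:1C:81:EC:5E:8F:6A:3C:33:F2:95:C3"

if __name__ == "__main__":
    field = thumbprint(SAMPLE_DER) + ", " + PAGE_EXAMPLE + ", *"
    print(parse_thumbprints(field))
    print(is_pinned(SAMPLE_DER, field))
```

A wildcard warning means the field no longer restricts which server certificate Access Point accepts for the proxy destination, so treat it as a finding when reviewing a saved configuration.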