After you create and enable a SAML authenticator so that Unified Access Gateway can be used as an identity provider, you can generate SAML metadata on that back-end system and use the metadata to create a service provider on the Unified Access Gateway appliance. This exchange of data establishes trust between the identity provider (Unified Access Gateway) and the back-end service provider, such as Horizon Connection Server.

Prerequisites

Verify that you have created a SAML authenticator for Unified Access Gateway on the back-end service provider server.

Procedure

  1. Retrieve the service provider SAML metadata, which is generally in the form of an XML file.
    For instructions, refer to the documentation for the service provider.
    Different service providers have different procedures. For example, you must open a browser and enter a URL such as: https:// connection-server.example.com/SAML/metadata/sp.xml

    You can then use a Save As command to save the Web page to an XML file. The contents of this file begin with the following text:

    <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ...
  2. In the Unified Access Gateway admin UI Configure Manually section, click Select.
  3. In the Advanced Settings section, click the SAML Server Provider Settings gearbox icon.
  4. In the Service Provider Name text box, enter the service provider name.
  5. In the Metadata XML text box, paste the metadata file you created in step 1.
  6. Click Save.

Results

Unified Access Gateway and the service provider can now exchange authentication and authorization information.