The Security Assertion Markup Language (SAML) is an XML-based standard that is used to describe and exchange authentication and authorization information between different security domains. SAML passes information about users between identity providers and service providers in XML documents called SAML assertions.
The integration between Workspace Portal and View uses the SAML 2.0 standard to establish mutual trust, which is essential for single sign-on (SSO) functionality. When SSO is enabled, users who log in to Workspace Portal with Active Directory credentials can launch remote desktops and applications without having to go through a second login procedure.
When Workspace Portal and View are integrated, Workspace Portal Manager generates a unique SAML artifact whenever a user logs in to Workspace Portal and clicks a desktop or application icon. Workspace Portal Manager uses this SAML artifact to create a Universal Resource Identifier (URI). The URI contains information about the View Connection Server instance where the desktop or application pool resides, which desktop or application to launch, and the SAML artifact.
Workspace Portal Manager sends the SAML artifact to the Horizon client through Workspace Portal, which in turn sends the artifact to the View Connection Server instance. The View Connection Server instance uses the SAML artifact to retrieve the SAML assertion from Workspace Portal Manager through Workspace Portal.
After a View Connection Server instance receives a SAML assertion, it validates the assertion, decrypts the user's password, and uses the decrypted password to launch the desktop or application.
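The artifact-for-assertion exchange described above can be sketched as follows. This is an added example, not VMware code: it assumes the standard SAML 2.0 type 0x0004 artifact layout (2-byte type code, 2-byte endpoint index, 20-byte SHA-1 of the issuer's entity ID, 20-byte random message handle), and the entity ID, `ArtifactStore` class and 60-second lifetime are hypothetical.

```python
import base64
import hashlib
import os
import time

TYPE_CODE = b"\x00\x04"  # SAML 2.0 artifact format, type 0x0004
ENTITY_ID = "https://portal.example.test/idp"  # constructed issuer entity ID

def build_artifact(entity_id, endpoint_index=0):
    # SourceID binds the artifact to its issuer; the handle must be unguessable.
    source_id = hashlib.sha1(entity_id.encode()).digest()
    raw = TYPE_CODE + endpoint_index.to_bytes(2, "big") + source_id + os.urandom(20)
    return base64.b64encode(raw).decode()

def parse_artifact(artifact):
    raw = base64.b64decode(artifact, validate=True)
    if len(raw) != 44 or raw[:2] != TYPE_CODE:
        raise ValueError("not a SAML 2.0 type 0x0004 artifact")
    return {"endpoint_index": int.from_bytes(raw[2:4], "big"),
            "source_id": raw[4:24], "handle": raw[24:44]}

class ArtifactStore:
    """Issuer side (hypothetical): holds assertions until the artifact is resolved."""
    def __init__(self, entity_id, ttl_seconds=60):
        self.entity_id = entity_id
        self.ttl = ttl_seconds
        self._pending = {}

    def issue(self, assertion_xml, now=None):
        now = time.time() if now is None else now
        artifact = build_artifact(self.entity_id)
        handle = parse_artifact(artifact)["handle"]
        self._pending[handle] = (assertion_xml, now + self.ttl)
        return artifact

    def resolve(self, artifact, now=None):
        now = time.time() if now is None else now
        fields = parse_artifact(artifact)
        if fields["source_id"] != hashlib.sha1(self.entity_id.encode()).digest():
            raise ValueError("artifact was issued by a different entity")
        entry = self._pending.pop(fields["handle"], None)  # pop enforces single use
        if entry is None or now > entry[1]:
            return None  # replayed, unknown or expired artifact
        return entry[0]
```

Because the artifact travels through the client while the assertion is fetched over the back channel, the properties worth checking on the issuing side are that an artifact resolves exactly once and only within a short lifetime.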
Setting up Workspace Portal and View integration involves configuring Workspace Portal with View information and configuring View to delegate responsibility for authentication to Workspace Portal.
To delegate responsibility for authentication to Workspace Portal, you must create a SAML authenticator in View. A SAML authenticator contains the trust and metadata exchange between View and Workspace Portal. You associate a SAML authenticator with a View Connection Server instance.
If you intend to provide access to your desktops and applications through Workspace Portal, verify that you create the desktop and application pools as a user who has the Administrators role on the root access group in View Administrator. If you give the user the Administrators role on an access group other than the root access group, Workspace Portal will not recognize the SAML authenticator you configure in View, and you cannot configure the pool in Workspace Portal.