If you do not change the expiration period, View Connection Server will stop accepting SAML assertions from the SAML authenticator, such as Access Point or a third-party identity provider, after 24 hours, and the metadata exchange must be repeated.

About this task

Use this procedure to specify the number of days that can elapse before View Connection Server stops accepting SAML assertions from the identity provider. This number is used when the current expiration period ends. For example, if the current expiration period is 1 day and you specify 90 days, after 1 day elapses, View Connection Server generates metadata with an expiration period of 90 days.

Prerequisites

See the Microsoft TechNet Web site for information on how to use the ADSI Edit utility on your Windows operating system version.

Procedure

  1. Start the ADSI Edit utility on your View Connection Server host.
  2. In the console tree, select Connect to.
  3. In the Select or type a Distinguished Name or Naming Context text box, type the distinguished name DC=vdi, DC=vmware, DC=int.
  4. In the Computer pane, select or type localhost:389 or the fully qualified domain name (FQDN) of the View Connection Server host followed by port 389.

    For example: localhost:389 or mycomputer.example.com:389

  5. Expand the ADSI Edit tree, expand OU=Properties, select OU=Global, and double-click CN=Common in the right pane.
  6. In the Properties dialog box, edit the pae-NameValuePair attribute to add the following values
    cs-samlencryptionkeyvaliditydays=number-of-days
    cs-samlsigningkeyvaliditydays=number-of-days

    In this example, number-of-days is the number of days that can elapse before a remote View Connection Server stops accepting SAML assertions. After this period of time, the process of exchanging SAML metadata must be repeated.