Third-party solutions such as load balancers and gateways can perform smart card authentication by passing a SAML assertion that contains the smart card's X.590 certificate and encrypted PIN.

This topic outlines the tasks involved in setting up third-party solutions to provide the relevant X.590 certificate to Connection Server after the certificate has been validated by the partner device. Because this feature uses SAML authentication, one of the tasks is to create a SAML authenticator in Horizon Administrator.

For information about configuring smart card authentication on Unified Access Gateway, see Deploying and Configuring Unified Access Gateway.


  1. Create a SAML authenticator for the third-party gateway or load balancer.
  2. Extend the expiration period of the Connection Server metadata so that remote sessions are not terminated after only 24 hours.
  3. If necessary, configure the third-party device to use service provider metadata from Connection Server.
    See the product documentation for the third-party device.
  4. Configure smart card settings on the third-party device.
    See the product documentation for the third-party device.