After you create and enable a SAML authenticator for the identity provider you want to use, you might need to generate Connection Server metadata. You use this metadata to create a service provider on the Unified Access Gateway appliance or a third-party load balancer that is the identity provider.

Prerequisites

Verify that you have created a SAML authenticator for the identity provider: Unified Access Gateway or a third-party load balancer or gateway. In the System Health section on the Horizon Administrator dashboard, you can select Other components > SAML 2.0 Authenticators, select the SAML authenticator that you added, and verify the details.

Procedure

  1. Open a new browser tab and enter the URL for getting the Connection Server SAML metadata.
    https://connection-server.example.com/SAML/metadata/sp.xml

    In this example, connection-server.example.com is the fully qualified domain name of the Connection Server host.

    This page displays the SAML metadata from Connection Server.
  2. Use a Save As command to save the Web page to an XML file.
    For example, you could save the page to a file named connection-server-metadata.xml. The contents of this file begin with the following text:
    <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ...

What to do next

Use the appropriate procedure on the identity provider to copy in the Connection Server SAML metadata. Refer to the documentation for Unified Access Gateway or a third-party load balancer or gateway.