Third-party solutions such as load balancers and gateways can perform smart card authentication by passing a SAML assertion that contains the smart card's X.590 certificate and encrypted PIN.

This topic outlines the tasks involved in setting up third-party solutions to provide the relevant X.590 certificate to Connection Server after the certificate has been validated by the partner device. Because this feature uses SAML authentication, one of the tasks is to create a SAML authenticator in Horizon Console.

For information about configuring smart card authentication on Unified Access Gateway, see the Unified Access Gateway documentation.

Procedure

  1. Create a SAML authenticator for the third-party gateway or load balancer.
    See Configure a SAML Authenticator in Horizon Console.
  2. Extend the expiration period of the Connection Server metadata so that remote sessions are not terminated after only 24 hours.
    See Change the Expiration Period for Service Provider Metadata on Connection Server.
  3. If necessary, configure the third-party device to use service provider metadata from Connection Server.
    See the product documentation for the third-party device.
  4. Configure smart card settings on the third-party device.
    See the product documentation for the third-party device.