Skip to content
vJAL.nl
  • Partners
    • BDRSuite by Vembu
  • About me
  • Home
  • Search Icon
Testing the “True SSO configuration utility” fling

Testing the “True SSO configuration utility” fling

23 October 2020 Jesper Alberts Comments 0 Comment

As I recently rebuilt some components in my lab I had to set up True SSO again as well. Seeing as I prefer being lazy over being tired I decided it was a good moment to give the True SSO Configuration Utility fling a spin.
The fling won’t set up everything from A to Z, but it will save you from all the “vdmUtil” commands.

So before you can get started you’ll need to make sure your environment is ready to be configured (not in scope for this post), but the following post still stands as of today: VMware Horizon 7 True SSO: Setting Up In a Lab

When you hit section “2. Configure True SSO on the Horizon CS” it’s a good time to switch and continue with this post.

Table of Contents

  • Taking it for a spin
    • Step 1
    • Step 2
    • Step 3
    • Step 4
    • Step 5
  • Testing
  • Conclusion

Taking it for a spin

The fling uses the same commands as you’ll use when doing everything manually, so you’ll run it from a Connection Server.

Once fired up you’ll be welcomed by the screen displayed above.

Fill in all the values based on your environment, where the Workspace One Access name is the name of the SAML authenticator you created earlier on your Connection Server.

The Certificate Authority Server is the name displayed in the Certificate Authority mmc.

Once everything is filled in it should look something like below, which means we’re ready to start configuring True SSO!

All that remains is following all the steps provided within the fling, which should result in a functional True SSO setup.

The results in my environment are displayed below:

Step 1

Step 2

Step 3

Step 4

Step 5

And that should be it, everything should now be in place for True SSO to work.

Testing

To make sure everything is working as expected I’ve configured Workspace One Access to authenticate using Kerberos, which without True SSO, requires a second login with the users username and password.

As we are not prompted for a second login and we’re greeted with a Windows desktop everything appears to be working.

We can confirm this by checking the debug logs located in:

%PROGRAM_DATA%\VMware\VDM\logs\

As stated in the blog post mentioned earlier there are several lines which indicate True SSO working properly, I’ve snippets of two of those sections.

2020-10-23T10:10:08.135+02:00 DEBUG (096C-0BA4) <MessageFrameWorkDispatch> [wsnm_desktop] startSession added portal logon for user JAL\Administrator, timeout=900 secs, portalcount=1(1), preLaunchSession=0 {SESSION:9a8d_***_a898} 2020-10-23T10:10:08.135+02:00 INFO  (096C-0BA4) <MessageFrameWorkDispatch> [wsnm_certlogon] CertLogon: CryptoContainer created: id=234887619 {SESSION:9a8d_***_a898; SESSION:9a8d_***_a898}

2020-10-23T10:10:08.791+02:00 DEBUG (096C-0C3C) <MessageFrameWorkDispatch> [wsnm_desktop] DesktopManager got a StoreSessionCertificate message (52) 2020-10-23T10:10:08.791+02:00 DEBUG (096C-0C3C) <MessageFrameWorkDispatch> [wsnm_desktop] commandhandler::storeSessionCertificate(): CertSSO: CERTIFICATESSOID=37d15f21-9d4f-4156-953b-a6b947f1512b 2020-10-23T10:10:08.791+02:00 DEBUG (096C-0C3C) <MessageFrameWorkDispatch> [wsnm_certlogon] CertLogon: StoreContext ok, id=234887619 2020-10-23T10:10:08.791+02:00 DEBUG (096C-0C3C) <MessageFrameWorkDispatch> [wsnm_desktop] CertSso_StoreCertificate(): Certificate stored for contextId: 23488761

Conclusion

With this post I’m hoping this fling will get some extra time in the spotlight, as it really deserves it.
It takes the sting out of using all the commands with “vdmUtil”, which is something I personally never liked doing in the first place.

It makes setting up True SSO that much easier that I’m actually amazed this fling isn’t mentioned more often.

Please follow and like us:
Tweet

Horizon
Horizon, Identity Manager, ITQ, True SSO, Workspace One Access

Post navigation

PREVIOUS
September recap
NEXT
Parallel upgrading of Horizon Connection Servers (Horizon 8 2006+)

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Let’s stay in touch!

Twitter
LinkedIn

Blog sponsors

Recent Posts

  • Introducing BDRSuite v5.5.0 [sponsored]
  • Vembu Backup for Endpoints [sponsored]
  • Renewing your NVIDIA licenses on the DLS appliance
Retweet on Twitter Jesper Alberts Retweeted
Avatar Age Roskam @ageroskam ·
18 Jan

Next up: How to create on-demand packages in App Volumes.💽🖥️

#AppVolumes #vExpert #ITQlife

https://ageroskam.nl/vmware/create-an-on-demand-packages-in-app-volumes/

Reply on Twitter 1615710041901776896 Retweet on Twitter 1615710041901776896 2 Like on Twitter 1615710041901776896 9 Twitter 1615710041901776896
Retweet on Twitter Jesper Alberts Retweeted
Avatar Age Roskam @ageroskam ·
18 Jan

Published Apps on Demand are here📢. I hope you are exited as I am, cause this changes everything!

#AppVolumes #vExpert #ITQlife

https://ageroskam.nl/vmware/configure-published-apps-on-demand-in-horizon/

Reply on Twitter 1615732206806208512 Retweet on Twitter 1615732206806208512 1 Like on Twitter 1615732206806208512 8 Twitter 1615732206806208512
Avatar Jesper Alberts @jesperalberts ·
16 Jan

Part two is now live of our video series about setting up Mobile Threat Defense in conjunction with @WorkspaceONE. Thanks for the collaboration @r33mi!

ITQ @ITQ

Watch our new How To #ITQonversations video with @jesperalberts and @r33mi.

In this second part, they will show you how you can leverage the integration between Mobile Threat Defense and WS1. Don't forget to (re)watch part 1!

https://youtu.be/lETCwNaoAMM

Reply on Twitter 1614989600304365572 Retweet on Twitter 1614989600304365572 3 Like on Twitter 1614989600304365572 7 Twitter 1614989600304365572
Retweet on Twitter Jesper Alberts Retweeted
Avatar Richard Kasius @mrkasius ·
16 Jan

@JeffUlatoski talks about the new feature of #VMware App Volumes, Published Apps on Demand.

https://youtu.be/6f4gGH1paTU

Reply on Twitter 1614923807164096512 Retweet on Twitter 1614923807164096512 1 Like on Twitter 1614923807164096512 2 Twitter 1614923807164096512
Avatar Jesper Alberts @jesperalberts ·
13 Jan

Horizon 2212 is here, bringing Horizon Published Apps on Demand! https://docs.vmware.com/en/VMware-Horizon/8-2212/rn/vmware-horizon-8-2212-release-notes/index.html

Reply on Twitter 1613842185031487490 Retweet on Twitter 1613842185031487490 6 Like on Twitter 1613842185031487490 14 Twitter 1613842185031487490
Load More

Archives

  • December 2022
  • October 2022
  • August 2022
  • July 2022
  • June 2022
  • March 2022
  • August 2021
  • January 2021
  • October 2020
  • August 2020

Categories

  • BCDR
  • Certification
  • Dynamic Environment Manager
  • Horizon
  • NVIDIA vGPU
  • Partners
  • Personal
  • PowerCLI
  • Secure Email Gateway
  • UAG
  • Uncategorized

Tags

Back-up BCDR Certificates Certification DEM Dynamic Environment Manager Horizon Identity Manager ITQ Job Licensing Microsoft 365 NVIDIA Personal PowerCLI Replication SEG SEGv2 SSL SSLLABS Troubleshooting True SSO UAG Upgrading VCAP VCIX Vembu vGPU VMware Tools VMware vSphere Workspace One Access
© 2023   All Rights Reserved.
Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}