Configuring Identity Bridging on Unified Access Gateway
- Click the New Tab button to open a new tab
- Browse to https://uagmgt-int.airwlab.com:9443/admin or click on the UAG Internal Admin Console bookmark
- Enter admin for the username
- Enter VMware1! for the password
- Click Login
2. Configure Identity Provider
Click the Gear for Upload Identity Provider Metadata under Advanced Settings
3. Upload the Identity Provider Metadata
- Click on Select
- Click on the Downloads folder
- Select the idp.xml file
- Click Open
- Click Save
After you click Save, you should receive the message "Configuration saved successfully".
NOTE: The Entity ID is detected from the IdP metadata XML, so there is no need to enter it manually.
5. Update the Keytab Settings
- Enter HTTP/[email protected] for Principal Name
- Click on Select
- Click on the Local Disk (C:) folder
- Select the it.keytab file
- Click Open
- Click Save
After you click Save, you should receive the message "Keytab upload is successful".
NOTE: If no Principal Name is provided, the first Principal Name found in the keytab file is used. If your keytab contains multiple Principal Names, it is recommended that you specify the Principal Name to be used.
7. Add a Realm Setting
Click Add
8. Configure the Realm Settings
- Enter CORP.LOCAL for Name of the realm
  NOTE - This entry MUST BE IN CAPITAL LETTERS. It is advised to copy the value directly or drag and drop it from the VLP Manual for accuracy.
- Enter corp.local for Key Distribution Centers
- Enter 3 for KCD Timeout (in seconds)
- Click Save
After you click Save, you should receive the message "Configuration saved successful".
9. Close the Realm Settings
The realm settings are complete.
Click Close.
10. Configure Identity Bridging
- If the Edge Service Settings are currently hidden, click the Show toggle to display the settings
- Select the Gear icon for Reverse Proxy Settings
11. Open the itbudget Reverse Proxy Settings
Select the Gear icon for the itbudget Reverse Proxy Instance
12. Update the itbudget Reverse Proxy Settings
- Click NO for Enable Identity Bridging to show the settings; it will switch to YES after you click
- Select SAML for Authentication Types
- Select https://vidm.airwlab.com for Identity Provider
- Select HTTP/[email protected] for Keytab
- Enter HTTP/[email protected] for Target Service Principal Name
- Enter / for Service Landing Page
- Click Download SAML service provider metadata; another screen will appear
NOTE: DO NOT CLICK SAVE YET! Continue to the next step.
13. Download the SAML Service Provider Metadata
- Enter uag.airwlab.com for External Host Name
- Click Download
A file named uag.airwlab.com.xml will be downloaded into the Downloads folder. This file will be used during the Web App setup in VMware Identity Manager.
14. Save the Reverse Proxy Settings
Click Save.