Configuring Identity Bridging on Unified Access Gateway

Access to UAG Console
  1. Click the New Tab button to open a new tab
  2. Browse to https://uagmgt-int.airwlab.com:9443/admin or click on the UAG Internal Admin Console bookmark
  3. Enter admin for the username
  4. Enter VMware1! for the password
  5. Click Login

1. Select Configure Manually

Select Manual Configuration

Click Select under Configure Manually

2. Configure Identity Provider

Advanced Settings IdP Metadata

Click the Gear for Upload Identity Provider Metadata under Advanced Settings

3. Upload the Identity Provider Metadata

Set IdP Metadata
  1. Click on Select
  2. Click on Downloads folder
  3. Select idp.xml file
  4. Click Open
  5. Click Save

After clicking Save, you should receive the message "Configuration saved successfully".

NOTE: The Entity ID is detected from the IdP metadata XML, so there is no need to enter it manually.

4. Configure Keytab

Advanced Settings Keytab

Click the Gear for Upload Keytab Settings under Advanced Settings

5. Update the Keytab Settings

Set Keytab
  1. Enter HTTP/[email protected] for Principal Name
  2. Click on Select
  3. Click on Local Disk (C:) folder
  4. Select it.keytab file
  5. Click Open
  6. Click Save

After clicking Save, you should receive the message "Keytab upload is successful".

NOTE: When no Principal Name is provided, the first Principal Name found in the keytab file is used. If your keytab contains multiple Principal Names, it is recommended that you specify the Principal Name to be used.
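
The selection rule in the note above can be checked before upload. The following Python sketch is an added example, not part of this lab or of UAG: it lists the principals of a version 0x0502 keytab in file order, showing which one comes first and whether the Principal Name should be entered explicitly. The sample keytab, its principal names and its all-zero keys are constructed for illustration.

```python
import struct

ENCTYPES = {17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}

def counted(buf, off):
    """Read a 16-bit big-endian length followed by that many bytes."""
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n], off + 2 + n

def keytab_principals(data):
    """Return [(principal, kvno, enctype)] in file order (format 0x0502 only)."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    out, off = [], 2
    while off + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, off)
        off += 4
        if size <= 0:                       # negative size marks a deleted entry (hole)
            off += -size
            continue
        end, p = off + size, off
        (ncomp,) = struct.unpack_from(">H", data, p)
        realm, p = counted(data, p + 2)
        comps = []
        for _ in range(ncomp):
            c, p = counted(data, p)
            comps.append(c.decode())
        p += 8                              # skip name type (4) and timestamp (4)
        kvno = data[p]
        (etype,) = struct.unpack_from(">H", data, p + 1)
        _key, p = counted(data, p + 3)
        if end - p >= 4 and any(data[p:p + 4]):   # optional 32-bit kvno overrides
            (kvno,) = struct.unpack_from(">I", data, p)
        name = "/".join(comps) + "@" + realm.decode()
        out.append((name, kvno, ENCTYPES.get(etype, str(etype))))
        off = end
    return out

def sample_entry(principal, realm, etype, kvno=2):
    """Build one constructed entry with a dummy all-zero key (sample data only)."""
    cs = lambda b: struct.pack(">H", len(b)) + b
    comps = principal.encode().split(b"/")
    body = struct.pack(">H", len(comps)) + cs(realm.encode()) + b"".join(map(cs, comps))
    body += struct.pack(">IIBH", 1, 0, kvno, etype) + cs(bytes(16))
    return struct.pack(">i", len(body)) + body

# Constructed keytab holding two different principals (hypothetical names).
SAMPLE = (b"\x05\x02" + sample_entry("HTTP/web01.example.test", "EXAMPLE.TEST", 23)
          + sample_entry("HTTP/web02.example.test", "EXAMPLE.TEST", 18))
names = list(dict.fromkeys(e[0] for e in keytab_principals(SAMPLE)))
print("first principal:", names[0], "| set Principal Name explicitly:", len(names) > 1)
```

To check a real file, pass its bytes to `keytab_principals`, for example `open(path, "rb").read()`.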

6. Configure REALM

Advanced Settings Realm

Click the Gear for Realm Settings under Advanced Settings

7. Add a Realm Setting

Add Realm Settings

Click Add

8. Configure the Realm Settings

Realm Settings
  1. Enter CORP.LOCAL for Name of the realm
    NOTE - This entry MUST BE IN CAPITALS.  It is advised to copy the value directly or drag and drop it from the VLP Manual for accuracy.
  2. Enter corp.local for Key Distribution Centers
  3. Enter 3 for KCD Timeout (in seconds)
  4. Click Save

After clicking Save, you should receive the message "Configuration saved successfully".

9. Close the Realm Settings

Realm configured

The realm settings are done.

Click Close.

10. Configure Identity Bridging

Access Reverse Proxy settings
  1. If the Edge Service Settings are currently hidden, click the Show toggle to display the settings
  2. Select the Gear icon for Reverse Proxy Settings

11. Open the itbudget Reverse Proxy Settings

Setup itbudget instance

Select the Gear icon for the itbudget Reverse Proxy Instance

12. Update the itbudget Reverse Proxy Settings

Config identity bridging
  1. Click NO next to Enable Identity Bridging; it switches to YES after you click
  2. Select SAML for Authentication Types
  3. Select https://vidm.airwlab.com for Identity Provider
  4. Select HTTP/[email protected] for Keytab
  5. Enter HTTP/[email protected] for Target Service Principal Name
  6. Enter / for Service Landing Page
  7. Click Download SAML service provider metadata - this opens another screen

NOTE: DO NOT CLICK SAVE YET!  Continue to the next step.

13. Download the SAML Service Provider Metadata

Download SAML SP metadata
  1. Enter uag.airwlab.com for External Host Name
  2. Click Download

A file named uag.airwlab.com.xml will be downloaded into the Downloads folder. This file will be used during the Web App setup in VMware Identity Manager.

14. Save the Reverse Proxy Settings

Config identity bridging

Click Save.

15. Confirm the Reverse Proxy Settings Saved

Configuration saved successfully

Confirm the Configuration is saved successfully message is displayed.