I'm at a loss. I've set up a root CA to sign all my Horizon Workspace servers, SAML is in the green, and after loads of reading and troubleshooting I also synced time on all of my ESXi hosts and guests.
Basically what I've done is the following:
Set up VMware View Horizon 5.2 connection server - created various pools and can connect via the different platform clients. (a couple of times to eliminate any possible setup errors along the way)
Set up VMware View Horizon Workspace 1.0 (a few times now) with both self-signed and CA-signed certs. My workspace shows up fine, the files sync, apps work, and View pools show up. When I attempt to launch a desktop from inside of Horizon Workspace I get this error:
The page you were looking for is not available. You may need to contact your administrator with this error: 404 Page Not Found.
Now I think I've tracked it down to something to do with the SAML connection - which to my understanding is to pass tokens between Workspace and View. On the connection server I see this in the Windows event log:
BROKER_USER_AUTHFAILED_SAML_ACCESS_REQUIRED
SAML access required but not attempted by client
Attributes:
Source=com.vmware.vdi.broker.filters.SamlAuthFilter
Time=Mon May 20 16:06:41 MDT 2013
Severity=AUDIT_FAIL
Node=ViewConnection.access360.ca
Module=Broker
Acknowledged=true
Something is not passing through to allow me to access my View desktops from the Horizon Workspace. If I remove the requirement of SAML on the View Connection Server, when I attempt to log into a desktop from the View Connection Server I get prompted for and can re-enter my login credentials & domain and have full access with View clients, as well as HTML Blast - just can't get there with Horizon Workspace. It has to be something I'm missing with SAML...
As I said, I'm at a loss here as to what is not working between the Horizon Workspace and the SAML connection to the View Connection Server. There is no security server, no transfer server, and firewalls are all off, so I don't believe it's a networking issue. Simple as possible. As the Windows Event log on the connection server shows, the error is: SAML access required but not attempted by client. I've got all my servers synced within a couple of seconds - so I don't think the documented time sync sensitivity of the Horizon Workspace vApp is responsible here. I'm packing it in for the night, but will be doing the exact same thing with a client tomorrow - hopefully without the same result!
Any ideas?