VMware Unified Access Gateway (UAG) is a Linux appliance that works as a proxy between external network clients and VDI machines hosted on-prem or in the cloud.
The Security Assertion Markup Language (SAML) is an XML-based standard that is used to describe and exchange authentication and authorization information between different security domains. SAML passes information about users between identity providers and service providers in XML documents called SAML assertions.
When SAML is integrated with UAG and the proxy pattern is configured incorrectly, it may throw the error below:
The above message may appear in both the Single and Double DMZ UAG configurations.
It may appear due to a misconfigured proxy pattern.
In this blog we have a Double DMZ setup. The DMZ1 UAG is configured as a reverse proxy for the DMZ2 UAG.
The user is able to access Horizon resources via the View client, but access fails when using HTML.
As per the log:
nioEventLoopGroup-7-3]WARN networkcore.HttpsRequestRouter[channelRead: 158][]: Error message:null. No proxying rules for http request GET /broker/resources/icon/64280E7D3547FA9D5906B8CDCF300922-broker.png08/25
nioEventLoopGroup-12-2]WARN networkcore.HttpsRequestRouter[channelRead: 158][]: Error message:null. No proxying rules for http request GET /view-client/1.0/index.html?SAMLart=92ddfd83-a125-49f3-9f32-297965555933
To allow these requests, their paths must be included in the URL pattern of allowed URLs configured on any reverse proxy, e.g.:
(/broker/xml(.*)|/xmlapi(.*)|/broker/resources/(.*)|/ice/(.*)|/r/(.*)|/portal(.*)|/view-client/(.*)|/)
(/broker/xml(.*)|/xmlapi(.*)|/broker/resources/(.*)|/ice/(.*)|/r/(.*)|/portal(.*)|/appblast(.*)|/view-client/(.*)|/)
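As an added example (not from the original post or from VMware), the Python sketch below pulls the rejected request targets out of warnings like the ones above and checks them against a candidate proxy pattern before it is applied. It assumes the pattern must match the whole request target; the sample log lines, the narrow pattern and the `/admin/config` path are constructed for illustration.

```python
import re

# Constructed sample lines modelled on the UAG warnings quoted above.
PREFIX = ("WARN networkcore.HttpsRequestRouter[channelRead: 158][]: "
          "Error message:null. No proxying rules for http request GET ")
SAMPLE_LOG = "\n".join([
    "[nioEventLoopGroup-7-3]" + PREFIX + "/broker/resources/icon/EXAMPLE-broker.png",
    "[nioEventLoopGroup-12-2]" + PREFIX + "/view-client/1.0/index.html?SAMLart=EXAMPLE",
    # Constructed path that should stay blocked after the pattern change.
    "[nioEventLoopGroup-12-2]" + PREFIX + "/admin/config",
])

# Hypothetical narrow pattern that lacks the two entries (for comparison only).
NARROW = r"(/broker/xml(.*)|/xmlapi(.*)|/ice/(.*)|/r/(.*)|/portal(.*)|/)"
# First pattern given on this page.
PAGE_PATTERN = (r"(/broker/xml(.*)|/xmlapi(.*)|/broker/resources/(.*)|/ice/(.*)"
                r"|/r/(.*)|/portal(.*)|/view-client/(.*)|/)")

REJECT_RE = re.compile(r"No proxying rules for http request (\S+) (\S+)")


def rejected_targets(log_text):
    """Return the request targets the router logged as having no proxy rule."""
    return [m.group(2) for m in REJECT_RE.finditer(log_text)]


def uncovered(pattern, targets):
    """Return targets the pattern does not match in full.

    Assumption: the proxy pattern is applied as a whole-string match, so the
    trailing "|/" alternative allows only the root path, not every URL.
    """
    rx = re.compile(pattern)
    return [t for t in targets if rx.fullmatch(t) is None]


if __name__ == "__main__":
    targets = rejected_targets(SAMPLE_LOG)
    for name, pat in (("narrow", NARROW), ("page", PAGE_PATTERN)):
        # Anything listed here would still be rejected with that pattern.
        print(name, "still rejects:", uncovered(pat, targets))
```

Running the same check with paths that should remain blocked confirms the widened pattern allows only what the HTML client needs.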