Symptoms
Adding a static SAML authenticator in Horizon fails with one of several errors, most commonly with the error message:
ERROR (066C-14EC) <ajp-nio-8009-exec-6> [FaultUtil] InvalidArgument(parameter: server.staticMetadata): StaticMetadata with this entityID already in use.
Cause
Horizon customers who want to configure third-party IDP support must use UAG. This is typically for remote access with UAG in the DMZ or cloud edge. UAG can also be deployed internally in front of the Connection Server to support SAML IDP authentication.
Resolution
Connection Server Requirements
The Entity ID in the static metadata should be a valid http/https URL.
The Entity ID (metadata URL) should be reachable/resolvable from the Connection Server machine.
The Entity ID (metadata URL) should match the Issuer in the SAML assertion.
Once the above criteria are met, third-party SAML authentication with UAG in front should work. If not, contact VMware support following How to view and update Support Requests in Customer Connect (2007048).
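The three requirements above can be checked before the authenticator is added. The following is an added example, not VMware code: the function names and the sample metadata and assertion are constructed for illustration, exact string comparison of Issuer and Entity ID is an assumption of this example, and the DNS lookup covers only the "resolvable" part, so it has to be run on the Connection Server itself.

```python
import socket
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"

# Constructed sample inputs (not taken from a real IdP).
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/saml/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</md:EntityDescriptor>"""
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.test/saml/metadata</saml:Issuer>
</saml:Assertion>"""

def dns_resolves(host):
    """True if this machine can resolve the host name (DNS only, no HTTP request)."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def check_static_metadata(metadata_xml, assertion_xml, resolves=dns_resolves):
    """Return a list of problems; an empty list means all three requirements hold."""
    problems = []
    root = ET.fromstring(metadata_xml)
    entity_id = root.get("entityID", "") if root.tag == MD + "EntityDescriptor" else ""
    url = urlsplit(entity_id)
    if url.scheme not in ("http", "https") or not url.hostname:
        problems.append(f"entityID is not an http/https URL: {entity_id!r}")
    elif not resolves(url.hostname):
        problems.append(f"entityID host does not resolve: {url.hostname}")
    doc = ET.fromstring(assertion_xml)  # a bare Assertion or a Response wrapping one
    assertion = doc if doc.tag == SAML + "Assertion" else doc.find(".//" + SAML + "Assertion")
    issuer_el = assertion.find(SAML + "Issuer") if assertion is not None else None
    issuer = (issuer_el.text or "").strip() if issuer_el is not None else ""
    # Assumption: exact string match, so a trailing slash or case change is a mismatch.
    if issuer != entity_id:
        problems.append(f"Issuer {issuer!r} does not match entityID {entity_id!r}")
    return problems

if __name__ == "__main__":
    print(check_static_metadata(SAMPLE_METADATA, SAMPLE_ASSERTION))
```

Pass the IdP's exported metadata and a captured assertion (or full SAML response) as strings; each returned entry names the requirement that is not met.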
Related Information
This is a child article of: Unified Access Gateway (UAG): Deployment, Troubleshooting and Best Practice Guidance (92412)
Enabling SAML 2.0 Authentication for Horizon with Unified Access Gateway and Okta: VMware Horizon Operational Tutorial. While vendor-specific, this offers a great walkthrough of the broad set-up steps.
Configure SAML Authentication for Admin UI: official documentation for SAML setup with Horizon.