The test environment was failing with this error when trying to open virtual desktops via the Horizon Workspace web page using VMware Blast. The virtual desktops were available with Blast when using a URL that pointed directly to the View Connection Server, not Horizon Workspace.
The desktops were available using the Horizon View Client instead of Horizon Workspace.
The test environment does not have any trusted certificates installed. They are all self-signed and the defaults used during the Horizon vApp setup.
1. Follow the documentation HERE to remove the certificate error on the Connection (View) Server. In the Horizon View Administrator web interface, the Connection Servers section may be red with a certificate error. This will occur until the self-signed certificate is imported into the Trusted Authorities Store on the server.
2. Enable SAML Authentication in Horizon View Administrator:
– Expand View Configuration
– Choose Servers
– Click the Connection Servers tab
– Click the Connection Server
– Click Edit
– Click Authentication tab
– Change the Delegation of authentication to VMware Horizon to ALLOWED
– Add a SAML Authenticator. Click Manage Authenticators and fill in the fields
– In the Metadata URL field, use the URL that you chose during the Gateway Appliance setup for external access.
– The Administration URL is optional
No reboot of the vApp seems to be necessary. Once all this is added, users should be able to open a desktop with Blast from the Horizon web page.