Omnissa Unified Access Gateway 2412

What’s new :

Unified Access Gateway 2412 provides the following new features and enhancements:

• Transition Update
  • The transition from Broadcom to Omnissa is now complete. The Unified Access Gateway Admin user interface, configuration strings, and file paths have been updated to reflect the new Omnissa brand.
  • As HTML Access is renamed to Web Client, the related keys and Admin UI settings on Unified Access Gateway are also renamed.

• Operating System Update
  • Following the transition from Broadcom to Omnissa, the Unified Access Gateway now uses the AlmaLinux operating system. AlmaLinux is an open-source, community-driven Linux operating system. Unified Access Gateway 2412 uses AlmaLinux 9.2.
  • Compatibility between ALMA 9.2 and ESXi (vSphere/vCenter)
    • Unified Access Gateway 2412 supports vSphere 7.x and later only. See Omnissa Interoperability Matrix.
      
• Users can now configure Unified Access Gateway to perform OpenID Connect (OIDC) authentication. See OpenID Connect (OIDC).
  
• Administrators can now configure Gateway Specification that will allow only the required services for that specification type to run on the appliance. See Gateway Specification in Deploying to vSphere using the OVF Template Wizard.
  
• Security Improvements
  • Added protection against user impersonation attack to ensure a desktop launch session is sent from the same client endpoint where it was generated when Unified Access Gateway is used with SAML authentication in Service Provider initiated mode.
  • Added protection against SAML assertion replay attack to ensure that the SAML assertion issued by an Identity Provider can be used only once in its lifetime.
  • In case of Smart card, RADIUS and RSA SecurID authentication, Unified Access Gateway issues a SAML assertion (containing the end user attributes) to Horizon Connection Server. Added support for encrypting this assertion.
  • Change in the default value of SAML Authentication request signature algorithm from SHA-1 to SHA-256.
  • On FIPS version of Unified Access Gateway, Extended Master Secret extension is mandatory for TLS 1.2 connections.
  • Updates to TLS Ciphers. See System configuration.
    
• Added compatibility with Horizon Connection Server’s support for handling encrypted SAML assertion, issued by Identity Providers. See Encrypted assertion between Unified Access Gateway and auth methods.
  
• On the Upload Identity Provider Metadata section of the Admin UI, you can now view all the uploaded certificates present in the Identity Provider metadata.
  
• Logging improvements.
  
• Updates to OS package versions and Java component versions.