F5 APM with Horizon View Smart Cards

The answer depends on the version you're talking about. With 1.5 you have to do some crazy, undocumented SAML negotiations between HWS and APM. With 1.8 you can now simply use Kerberos SSO to HWS. I don't know that you're going to find any specific configuration documentation though.

I am using F5 APM 11.6 and VMware Horizon View 6.0. Does anyone have any infpo on Smart Card configuration in F5?

For some reason my brain read Horizon "Workspace" and not Horizon View. I won't be sad when they officially change the names of those two products. So the answer is actually very different for Horizon View, but it's not what you're going to want to hear. Right now, today, View natively supports smartcard authentication. But because the smartcard authentication itself is so tightly woven into the XML messaging between the Connection Server and View client, you cannot simply drop a proxy server in front of the Connection Server, terminate the client side SSL, consume the client certificate, and do some other type of authentication on the server side. The Connection Server MUST get the client's certificate directly from the client. You can technically throw LTM ProxySSL (SSL man-in-the-middle) in the ring, and that will work, but it negates any use of APM. All of that said, there are changes brewing that may eventually address this issue, but today it isn't possible to offload smartcard authentication in front of View Connection Server.

Thanks, Kevin! This answers my questions!

Kevin, Is it supported now to use APM for smart card authentication?