It’s solution time! NICE DCV has a very excellent support team, and after some email back and forth, it started to work.
Mea culpa, I made a couple of mistakes during installation.
- I forgot to configure the NICE DCV server to use the session-manager for external authentication. When a client connects to the NICE DCV server port, it needs to receive an authentication token that is generated and passed through to the DCV client.
- I had misconfigured my AWS Security Group that is in use for my VPC to let the DCV client access other machines (DCV gateway, Broker) on ports other than the Agent port.
So the process I describe here is a bit different:
My understanding of how this should work has changed:
1. DCV Agent registers at DCV session manager
2. Request a session with dcvcm CLI tool which talks to the session manager
3. The session manager contacts the agent on the DCV server and requests a DCV session
4. The agent creates a session and returns the ID
5. The session manager at this point or at point 3 creates a security token for the DCV client to use
6. The session manager returns the result (with the ID) to the request made in (2)
7. To retrieve the security token, run a describe-session with dcvcm CLI with the ID returned
8. DCV client connects to gateway (the ID and security token)
9. DCV gateway queries session manager
10. DCV client connects to DCV server through gateway
11. The DCV server verifies the security token by asking the session-manager
12. The DCV client gets login screen/desktop
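The token flow in the steps above, as a small Python model added here for illustration; it is not NICE DCV code and does not use its API. All class and function names are hypothetical, and the outright rejection when the server has no verifier is a simplifying assumption standing in for the first mistake listed earlier.

```python
import hmac
import secrets

class SessionManager:
    """Toy stand-in for the session manager; not the real API."""
    def __init__(self):
        self.agents = {}   # agent name -> Agent (step 1)
        self.tokens = {}   # session ID -> security token (step 5)

    def register_agent(self, agent):
        self.agents[agent.name] = agent

    def create_session(self, agent_name):
        # Steps 3-6: ask the agent for a session, mint a token, return the ID.
        session_id = self.agents[agent_name].create_session()
        self.tokens[session_id] = secrets.token_urlsafe(32)
        return session_id

    def describe_session(self, session_id):
        # Step 7: the caller retrieves the token for the ID it was given.
        return {"id": session_id, "token": self.tokens[session_id]}

    def verify(self, session_id, token):
        # Steps 9 and 11: gateway and server both ask here; constant-time compare.
        expected = self.tokens.get(session_id)
        return expected is not None and hmac.compare_digest(expected, token)

class Agent:
    def __init__(self, name):
        self.name = name
    def create_session(self):
        return secrets.token_hex(8)   # step 4: new session ID

class DcvServer:
    """verifier=None models the first mistake: external auth not configured."""
    def __init__(self, verifier=None):
        self.verifier = verifier
    def connect(self, session_id, token):
        # Step 11: without a verifier the server cannot check the token.
        if self.verifier is None:
            return "rejected: no external authenticator configured"
        ok = self.verifier(session_id, token)
        return "desktop" if ok else "rejected: invalid token"

def run_flow(server_configured):
    sm, agent = SessionManager(), Agent("agent-1")
    sm.register_agent(agent)                                   # step 1
    info = sm.describe_session(sm.create_session("agent-1"))  # steps 2-7
    server = DcvServer(sm.verify if server_configured else None)
    if not sm.verify(info["id"], info["token"]):               # steps 8-9 (gateway)
        return "rejected at gateway"
    return server.connect(info["id"], info["token"])           # steps 10-12
```

`run_flow(True)` ends at the desktop, while `run_flow(False)` gets past the gateway and fails at the server.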