CTX202178
2015-09-22
1970-01-01

How to Configure SAML SSO Authentication between NetScaler Gateway and Load Balancing Virtual Servers - Part II

Creating AAA Virtual Server and Binding the SAML Policy.

Objective

This article describes how to configure SAML SSO authentication between NetScaler Gateway and load balancing virtual server.

Click on the link to review part 1 of the article?? CTX138988 - How to Configure SAML SSO Authentication between NetScaler Gateway and Load Balancing Virtual Servers?? - Part 1

Instructions

Creating AAA Virtual Server and Binding the SAML Policy

  1. In the?? Configuration?? tab, navigate?? Security?? >?? AAA - Application Traffic?? >?? Virtual Servers?? and click?? Add
  2. In the?? Create RSA Key?? field, specify the options:
    • Name, example:?? av_saml
    • IP Address Type, validate IP Address is specified.
    • IP Address, example:?? 192.168.10.102
    • Port, example:?? 8443
    • Click?? OK
The Command-line Interface equivalent to the Graphical User Interface.
add authentication vserver?? av_saml SSL 192.168.10.102 8443
??
  1. In the?? Configuration?? tab, navigate?? NetScaler Gateway?? >?? Policies?? >?? Authentication?? >?? SAML?? and click on the?? Servers?? tab
  2. Click?? Add
  3. In the?? Configuration Authentication SAML Server, specify the options:
    • Name, example:?? samlssoact1
    • IDP Certificate Name, example:?? NCCP
    • Redirect URL, example:?? https://auth1.training.lab
    • Click?? OK
The Command-line Interface equivalent to the Graphical User Interface.
add authentication samlAction?? samlssoact1?? -samlIdPCertName?? NCCP?? -samlRedirectUrl?? https://auth1.training.lab
  1. In the?? Configuration?? tab, navigate?? NetScaler Gateway?? >?? Policies?? >?? Authentication?? >?? SAML?? and click on the?? Policies?? tab
  2. Click?? Add
  3. In the Configuration Authentication SAML Policy, specify the options:
    • Name, example:?? samlssoact1
    • Server, example:?? samlssoact1
    • Expression, example:?? ns_true
    • Click?? OK
The Command-line Interface equivalent to the Graphical User Interface.
add authentication samlPolicy?? samlssoact1 ns_true samlssoact1
  1. In the?? Configuration?? tab, navigate?? Security?? >?? AAA?? -?? Application Traffic?? >?? Virtual Servers?? and highlight the Authentication Virtual Server, example:?? av_saml
  2. Click?? Edit
  3. Click the symbol + in the?? Basic Authentication Policies
  4. In the?? Policy?? section and the?? Choose Policy?? field, select?? SAML
  5. Click?? Continue
  6. Click?? Add Binding
  7. Specify?? samlssoact1?? and click?? Select
  8. Click?? OK?? and?? Close
  9. Click?? Done
The Command-line Interface equivalent to the Graphical User Interface.
bind authentication vserver?? av_saml?? -policy?? samlssoact1

Creating a Load Balancing Virtual Server to the Application Server

Creating a Load Balancing Virtual Server to the Application Server
  1. In the?? Configuration?? tab, navigate?? Traffic Management?? >?? Load Balancing?? >?? Virtual Servers?? and click?? Add
  2. In the?? Load Balancing Virtual Server?? field, specify the options:
    • Name, example:?? lb1_ssl
    • Protocol, example:?? SSL
    • IP Address Type, example:?? IP Address
    • IP Address, example:?? 192.168.10.103
    • Port, example:?? 443
    • Click?? OK
    • Click?? Continue
    • Click?? Continue
    • Click?? Persistence?? option.
      • Validate?? NONE?? is selected
      • Click?? OK
    • Click?? Traffic Setting?? option.
      • Validate Client Idle Time-out?? is set to?? 180
      • Click?? OK
    • Click?? Authentication?? option.
      • Validate Form Based Authentication?? is selected.
      • Authentication FQDN, example:?? auth1.example.com
      • Choose Authentication Virtual Server Type, example:?? Authentication Virtual Server
      • Authentication Virtual Server,?? example:?? av_saml
  3. Click OK
  4. Click Done.
The Command-line Interface equivalent to the Graphical User Interface.
add lb vserver?? lb1_ssl?? SSL?? 192.168.10.103?? 443 -persistenceType?? NONE?? -cltTimeout?? 180?? -AuthenticationHost?? auth1.example.com?? -Authentication?? ON?? -authnVsName?? av_saml
??
  1. In the?? Configuration?? tab, navigate?? Security?? >?? AAA – Application Traffic?? >?? Policies?? >?? Traffic?? and click on the?? Form SSO Policies?? tab.??
  2. Click Add
  3. In the?? Configuration Form SSO Profile?? field, specify the options:
    • Name, example:?? html_formaction
    • Action URL, example:?? /MYPHP/auth.php
    • User Name Field,?? example:?? username
    • Password?? Field, example:?? password
    • Expression, example:?? HTTP.RES.STATUS.EQ(200)
    • SubmitMethod, example:?? POST
  4. Click?? OK
The Command-line Interface equivalent to the Graphical User Interface.
add tm formSSOAction html_formaction1 -actionURL "/MYPHP/auth.php" -userField username -passwdField password -ssoSuccessRule "HTTP.RES.STATUS.EQ(200)" -submitMethod POST
??
  1. In the?? Configuration?? tab, navigate?? Security?? >?? AAA – Application Traffic?? >?? Policies?? >?? Traffic?? and click on the?? Traffic Profiles?? tab.??
  2. Click?? Add
  3. In the?? Create Traffic Profile?? field, specify the options
    • Name, example:?? html_prof??
    • AppTimeout: example:?? 180
    • Single Sign-on,?? example:?? ON
    • Form SSO Profile, example:?? html_formaction
  4. Click?? Create
The Command-line Interface equivalent to the Graphical User Interface.
add tm trafficAction html_prof -SSO ON -formSSOAction html_formaction
Note: AppTimeout is not required configuration when running the Command-Line Interface. ??
??
  1. In the?? Configuration?? tab, navigate?? Security?? >?? AAA – Application Traffic?? >?? Policies?? >?? Traffic?? and click on the?? Traffic Policy?? tab.??
  2. Click?? Add
  3. In the Create Traffic Policy?? field, specify the options
    • Name, example:?? html_pol
    • Profile, validate the profile is select in the previous step, example:?? html_prof
    • Expression, example:?? HTTP.REQ.URL.CONTAINS("abc.html")
  4. Click?? Create
The Command-line Interface equivalent to the Graphical User Interface.
add tm trafficPolicy?? html_pol?? "HTTP.REQ.URL.CONTAINS(\"abc.html\")" html_prof
  1. In the?? Configuration?? tab, navigate?? Traffic Management?? >?? Load Balancing?? >?? Virtual Servers?? and Highlight the Virtual Servers, example:?? lb1_ssl.??
  2. Click?? Edit
  3. Click?? Policies
  4. Click on the symbol?? +?? in the?? Policy?? field.
  5. In the?? Policies?? field, specify the options
  6. Choose?? Policy, example:?? Traffic
  7. Choose?? Type, example:?? Request
  8. Click?? Continue.
  9. In the?? Policy Binding?? field, specify the options
    • Binding, example:?? html.pol
    • Click?? Select
    • Priority, example:?? 100
    • Click?? Bind
The Command-line Interface equivalent to the Graphical User Interface.
bind lb vserver?? lb1_ssl?? -policyName?? html_pol?? -priority?? 100?? -gotoPriorityExpression?? END?? -type?? REQUEST
??

Publishing a Web Application at the XenApp Site.

??
When you configure a published application at the XenApp site, ensure that the Content Address is specified correctly. For example, in this article the web application is /myphp/abc.html and it is configured as https://nsslvpn.example.com/cvpn/https/nssp.example.com/myphp/abc.html.
The following are sample screen shots for publishing a web application:
?? User-added image

User-added image

User-added image

User-added image
??
After you configure the NetScaler appliance and the XenApp site, the user can logon to the VPN virtual server and open the published application. Form SAML SSO will trigger SAMLSSO to the load balancing virtual server and applies SSO to the application server.

Additional Resources

To configure SAML SSO authentication between NetScaler Gateway and load balancing virtual server, complete the following procedure:

  1. Configuring NetScaler Gateway Virtual Server for SSO to Published Applications

  2. Creating AAA Virtual Server and Binding the SAML Policy

  3. Creating a Load Balancing Virtual Server to the Application Server

  4. Publishing a Web Application at the XenApp Site

Applicable Products

特别说明

本文来源为Citrix.com所有,翻译后版权归翻译者所有.如需转载请注明出处.

相关文档

PREV

上一篇
How to Create and Bind Certificates to a NetScaler Gateway Virtual Server

NEXT

下一篇
Slow Performance When Transferring Files Through CloudBridge VPX

文档版本

.

广告招租

最新留言

.

广告招租

.