-
Getting Started with Citrix ADC
-
Deploy a Citrix ADC VPX instance
-
Apply Citrix ADC VPX configurations at the first boot of the Citrix ADC appliance in cloud
-
Install a Citrix ADC VPX instance on Microsoft Hyper-V servers
-
Install a Citrix ADC VPX instance on Linux-KVM platform
-
Prerequisites for Installing Citrix ADC VPX Virtual Appliances on Linux-KVM Platform
-
Provisioning the Citrix ADC Virtual Appliance by using OpenStack
-
Provisioning the Citrix ADC Virtual Appliance by using the Virtual Machine Manager
-
Configuring Citrix ADC Virtual Appliances to Use SR-IOV Network Interface
-
Configuring Citrix ADC Virtual Appliances to use PCI Passthrough Network Interface
-
Provisioning the Citrix ADC Virtual Appliance by using the virsh Program
-
Provisioning the Citrix ADC Virtual Appliance with SR-IOV, on OpenStack
-
Configuring a Citrix ADC VPX Instance on KVM to Use OVS DPDK-Based Host Interfaces
-
-
Deploy a Citrix ADC VPX instance on AWS
-
Deploy a VPX high-availability pair with elastic IP addresses across different AWS zones
-
Deploy a VPX high-availability pair with private IP addresses across different AWS zones
-
Configure a Citrix ADC VPX instance to use SR-IOV network interface
-
Configure a Citrix ADC VPX instance to use Enhanced Networking with AWS ENA
-
Deploy a Citrix ADC VPX instance on Microsoft Azure
-
Network architecture for Citrix ADC VPX instances on Microsoft Azure
-
Configure multiple IP addresses for a Citrix ADC VPX standalone instance
-
Configure a high-availability setup with multiple IP addresses and NICs
-
Configure a high-availability setup with multiple IP addresses and NICs by using PowerShell commands
-
Configure a Citrix ADC VPX instance to use Azure accelerated networking
-
Configure HA-INC nodes by using the Citrix high availability template with Azure ILB
-
Configure address pools (IIP) for a Citrix Gateway appliance
-
Upgrade and downgrade a Citrix ADC appliance
-
Solutions for Telecom Service Providers
-
Load Balance Control-Plane Traffic that is based on Diameter, SIP, and SMPP Protocols
-
Provide Subscriber Load Distribution Using GSLB Across Core-Networks of a Telecom Service Provider
-
Authentication, authorization, and auditing application traffic
-
Basic components of authentication, authorization, and auditing configuration
-
On-premises Citrix Gateway as an identity provider to Citrix Cloud
-
Authentication, authorization, and auditing configuration for commonly used protocols
-
Troubleshoot authentication and authorization related issues
-
-
-
-
-
-
Persistence and persistent connections
-
Advanced load balancing settings
-
Gradually stepping up the load on a new service with virtual server–level slow start
-
Protect applications on protected servers against traffic surges
-
Retrieve location details from user IP address using geolocation database
-
Use source IP address of the client when connecting to the server
-
Use client source IP address for backend communication in a v4-v6 load balancing configuration
-
Set a limit on number of requests per connection to the server
-
Configure automatic state transition based on percentage health of bound services
-
-
Use case 2: Configure rule based persistence based on a name-value pair in a TCP byte stream
-
Use case 3: Configure load balancing in direct server return mode
-
Use case 6: Configure load balancing in DSR mode for IPv6 networks by using the TOS field
-
Use case 7: Configure load balancing in DSR mode by using IP Over IP
-
Use case 10: Load balancing of intrusion detection system servers
-
Use case 11: Isolating network traffic using listen policies
-
Use case 14: ShareFile wizard for load balancing Citrix ShareFile
-
-
-
-
Authentication and authorization for System Users
-
-
Configuring a CloudBridge Connector Tunnel between two Datacenters
-
Configuring CloudBridge Connector between Datacenter and AWS Cloud
-
Configuring a CloudBridge Connector Tunnel Between a Datacenter and Azure Cloud
-
Configuring CloudBridge Connector Tunnel between Datacenter and SoftLayer Enterprise Cloud
-
Configuring a CloudBridge Connector Tunnel Between a Citrix ADC Appliance and Cisco IOS Device
-
CloudBridge Connector Tunnel Diagnostics and Troubleshooting
-
-
Synchronizing Configuration Files in a High Availability Setup
-
Restricting High-Availability Synchronization Traffic to a VLAN
-
Understanding the High Availability Health Check Computation
-
Managing High Availability Heartbeat Messages on a Citrix ADC Appliance
-
Remove and Replace a Citrix ADC in a High Availability Setup
Thank you for the feedback
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已动态机器翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
This content has been machine translated dynamically.
This content has been machine translated dynamically.
This content has been machine translated dynamically.
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.
Este artigo foi traduzido automaticamente.
这篇文章已经过机器翻译.放弃
Translation failed!
Citrix ADC as a SAML SP
The SAML Service Provider (SP) is a SAML entity deployed by the service provider. When a user tries to access a protected application, the SP evaluates the client request. If the client is unauthenticated (does not have a valid NSC_TMAA or NSC_TMAS cookie), the SP redirects the request to the SAML Identity Provider (IdP).
The SP also validates SAML assertions that are received from the IdP.
When the Citrix ADC appliance is configured as an SP, all user requests are received by a traffic management virtual server (load balancing or content switching) that is associated with the relevant SAML action.
The Citrix ADC appliance also supports POST and Redirect bindings during logout.
Note
A Citrix ADC appliance can be used as a SAML SP in a deployment where the SAML IdP is configured either on the appliance or on any external SAML IdP.
When used as a SAML SP, a Citrix ADC appliance:
-
Can extract the user information (attributes) from the SAML token. This information can then be used in the policies that are configured on the Citrix ADC appliance. For example, if you want to extract the GroupMember and emailaddress attributes, in the SAMLAction, specify the Attribute2 parameter as GroupMember and the Attribute3 parameter as emailaddress.
Note
Default attributes such as username, password, and logout URL must not be extracted in attributes 1–16, because they as are implicitly parsed and stored in the session.
-
Can extract attribute names of up to 127 bytes from an incoming SAML assertion. The previous limit was 63 bytes.
-
Supports post, redirect, and artifact bindings.
Note
Redirect binding should not be used for large amount of data, when the assertion after inflate or decoding is greater than 10K.
-
Can decrypt assertions.
-
Can extract multi-valued attributes from a SAML assertion. These attributes are sent is nested XML tags such as:
<AttributeValue> <AttributeValue>Value1</AttributeValue> <AttributeValue>Value2</AttributeValue> </AttributeValue>
Note
From Citrix ADC 13.0 Build 63.x and above, the individual maximum length for SAML attributes has been increased to allow a maximum of 40k bytes. The size of all the attributes must not exceed 40k bytes.
When presented with previous XML, the Citrix ADC appliance can extract both Value1 and Value2 as values of a given attribute, as opposed to the old firmware that extracts only Value1.
-
Can specify the validity of a SAML assertion.
If the system time on Citrix ADC SAML IdP and the peer SAML SP is not in sync, the messages might get invalidated by either party. To avoid such cases, you can now configure the time duration for which the assertions are valid.
This duration, called the “skew time,” specifies the number of minutes for which the message should be accepted. The skew time can be configured on the SAML SP and the SAML IdP.
-
Can send extra attribute called ‘ForceAuth’ in the authentication request to external IdP (Identity Provider). By default, the ForceAuthn is set to ‘False’. It can be set to ‘True’ to suggest IdP to force authentication despite existing authentication context. Also, Citrix ADC SP does authentication request in query parameter when configured with artifact binding.
To configure the Citrix ADC appliance as a SAML SP by using the command line interface
-
Configure a SAML SP action.
Example
The following command adds a SAML action that redirects unauthenticated user requests.
add authentication samlAction SamlSPAct1 -samlIdPCertName nssp –samlRedirectUrl https://auth1.example.comFor more details on the command, see https://developer-docs.citrix.com/projects/citrix-adc-command-reference/en/latest/authentication/authentication-samlAction/
-
Configure the SAML policy.
Example
The following command defines a SAML policy that applies the previously defined SAML action to all traffic.
add authentication policy SamlSPPol1 -rule true -action SamlSPAct1 -
Bind the SAML policy to the authentication virtual server.
Example
The following command binds the SAML policy to an authentication virtual server named “av_saml”.
bind authentication vserver av_saml -policy SamlSPPol1 -
Bind the authentication virtual server to the appropriate traffic management virtual server.
Example
The following command adds a load balancing virtual server named “lb1_ssl” and associates the authentication virtual server named “av_saml” to the load balancing virtual server.
add lb vserver lb1_ssl SSL 10.217.28.224 443 -persistenceType NONE -cltTimeout 180 -AuthenticationHost auth1.example.com -Authentication ON -authnVsName av_samlFor more details on the command, see https://developer-docs.citrix.com/projects/citrix-adc-command-reference/en/latest/authentication/authentication-samlAction/
To configure a Citrix ADC appliance as a SAML SP by using the GUI
-
Configure the SAML action and policy.
Navigate to Security > AAA - Application Traffic > Policies > Authentication > Advanced Policies > Policy, create a policy with SAML as the action type, and associate the required SAML action with the policy.
-
Associate the SAML policy with an authentication virtual server.
Navigate to Security > AAA - Application Traffic > Virtual Servers, and associate the SAML policy with the authentication virtual server.
-
Associate the authentication server with the appropriate traffic management virtual server.
Navigate to Traffic Management > Load Balancing (or Content Switching) > Virtual Servers, select the virtual server, and associate the authentication virtual server with it.
Thank you for the feedback
Share
Share
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select Do Not Agree to exit.