To configure SAML authentication
-
In the configuration utility, on the Configuration tab, expand NetScaler Gateway > Policies > Authentication.
-
In the navigation pane, click SAML.
-
In the details pane, click Add.
-
In the Create Authentication Policy dialog box, in Name, type a name for the policy.
-
Next to Server, click New.
-
In Name, type a name for the server profile.
-
In IdP Certificate Name, select a certificate or click Install. This is the certificate installed on the SAML or IDP server.
If you click Install, add the certificate and private key. For more information, see Installing and Managing Certificates.
-
In Redirect URL, enter the URL of the authentication Identity Provider (IdP).
This is the URL for user logon to the SAML server. This is the server to which NetScaler Gateway redirects the initial request.
-
In User Field, enter the user name to extract.
-
In Signing Certificate Name, select the private key for the certificate you selected in Step 9.
This is the certificate that is bound to the AAA virtual IP address. The SAML Issuer Name is the fully qualified domain name (FQDN) to which users log on, such as lb.example.com or ng.example.com.
-
In SAML Issuer Name, enter the FQDN of the load balancing or NetScaler Gateway virtual IP address to which the appliance sends the initial authentication (GET) request.
-
In Default authentication group, enter the group name.
-
To enable two-factor authentication, in Two Factor, click ON.
-
Disable Reject Unsigned Assertion. Enable this setting only if the SAML or IDP server is signing the SAML response.
-
Click Create and then click Close.
-
In the Create authentication policy dialog box, next to Named Expressions, select General, select True value, click Add Expression, click Create and then click Close.