
Configuring SAML Single Sign-On

You can create a SAML 1.1 or SAML 2.0 profile for single sign-on (SSO). Users can then connect to web applications that support the SAML protocol for single sign-on. Citrix Gateway supports identity provider (IdP) single sign-on for SAML web applications.

To configure SAML single sign-on

  1. In the configuration utility, on the Configuration tab, in the navigation pane, expand NetScaler Gateway > Policies and then click Traffic.
  2. In the details pane, click the SAML SSO Profile tab.
  3. In the details pane, click Add.
  4. In Name, type a name for the profile.
  5. In Signing Certificate Name, enter the name of the X.509 certificate.
  6. In ACS URL, enter the assertion consumer service URL of the identity provider or service provider. The AssertionConsumerServiceURL (ACS URL) provides SSO capability for users.
  7. In Relay State Rule, build the expression for the policy from Saved Policy Expressions and Frequently Used Expressions. Select from the Operator list to define how the expression is evaluated. To test the expression, click Evaluate.
  8. In Send Password, select ON or OFF.
  9. In Issuer Name, enter the identity for the SAML application.
  10. Click Create and then click Close.
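
The following is an added example, not part of the product documentation: a Python check that reads SAML SSO profile lines from a saved configuration and lists the settings from the steps above that deserve a second look before the profile goes live. It assumes the profile appears in the configuration as an `add vpn samlSSOProfile` line whose options are the command-line equivalents of the GUI fields; the sample configuration, names and URLs are constructed.

```python
import shlex
from urllib.parse import urlsplit

# Constructed sample in saved-configuration style; every name and URL is made up.
SAMPLE_CONFIG = """\
add vpn samlSSOProfile crm_sso -samlSigningCertName idp_sign_cert -assertionConsumerServiceURL "https://crm.example.test/saml/acs" -sendPassword OFF -samlIssuerName "https://gw.example.test"
add vpn samlSSOProfile wiki_sso -samlSigningCertName idp_sign_cert -assertionConsumerServiceURL "http://wiki.example.test/acs" -sendPassword ON
"""

def parse_profiles(config_text):
    """Return {profile_name: {option: value}} for each samlSSOProfile line."""
    profiles = {}
    for line in config_text.splitlines():
        # Filter first so unrelated lines with unusual quoting are never tokenized.
        if not line.lower().startswith("add vpn samlssoprofile "):
            continue
        tokens = shlex.split(line)
        if len(tokens) < 4:
            continue
        args = tokens[4:]  # "-option value" pairs after the profile name
        profiles[tokens[3]] = {
            key.lstrip("-").lower(): value
            for key, value in zip(args[0::2], args[1::2])
        }
    return profiles

def audit(profiles):
    """Return {profile_name: [finding, ...]}; an empty list means nothing to review."""
    report = {}
    for name, opts in profiles.items():
        findings = []
        if not opts.get("samlsigningcertname"):
            findings.append("no signing certificate")
        acs = urlsplit(opts.get("assertionconsumerserviceurl", ""))
        if acs.scheme.lower() != "https" or not acs.hostname:
            findings.append("ACS URL is not an absolute https URL")
        # Assumption: an absent option is treated the same as OFF.
        # ON is flagged so someone confirms the application really needs the password.
        if opts.get("sendpassword", "OFF").upper() == "ON":
            findings.append("Send Password is ON")
        if not opts.get("samlissuername"):
            findings.append("no issuer name")
        report[name] = findings
    return report

if __name__ == "__main__":
    for profile, findings in audit(parse_profiles(SAMPLE_CONFIG)).items():
        print(profile, "->", findings or "ok")
```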
