Configuring the OpenID connect protocol
A NetScaler appliance can now be configured as an identity provider (IdP) by using the OpenID Connect protocol, which strengthens the identity-providing capabilities of the appliance. You can access enterprise-wide hosted applications with single sign-on, and OpenID Connect offers more security because it does not transfer the user's password but works with tokens that have a specific lifetime. OpenID Connect is also designed to integrate with non-browser clients such as apps and services. As a result, it has been widely adopted by many implementations.
Advantages of having the OpenID connect support
- OpenID eliminates the overhead of maintaining multiple authentication passwords, because the user has a single identity across the organization.
- OpenID provides robust security for your password, because the password is shared only with your identity provider and not with any application you access.
- OpenID has vast interoperability with various systems making it easier for the hosted applications to accept OpenID.
- OpenID is a simple protocol that enables native clients to easily integrate with servers.
To configure the NetScaler appliance as an IdP using the OpenID Connect protocol with the GUI
- Navigate to Configuration > Security > AAA-Application Traffic > Policies > Authentication > Advanced Policies > OAuth IdP.
- Click Profile and click Add. On the Create Authentication OAuth IDP Profile screen, set values for the following parameters and click Create.
  - Name – Name of the authentication profile.
  - Client ID – Unique string that identifies the SP.
  - Client Secret – Unique secret that identifies the SP.
  - Redirect URL – Endpoint on the SP to which the code/token has to be posted.
  - Issuer Name – String that identifies the IdP.
  - Audience – Target recipient for the token being sent by the IdP. This might be checked by the recipient.
  - Skew Time – The time for which the token remains valid.
  - Default Authentication Group – A group added to the session for this profile to simplify policy evaluation and help in customizing policies.
- Click Policies and click Add.
- On the Create Authentication OAuth IDP Policy screen, set values for the following parameters and click Create.
  - Name – The name of the authentication policy.
  - Action – Name of the profile created above.
  - Log Action – Name of the messagelog action to use when a request matches this policy. This field is not mandatory.
  - Undefined-Result Action – Action to perform if the result of policy evaluation is undefined (UNDEF). This field is not mandatory.
  - Expression – Default syntax expression that the policy uses to respond to a specific request. For example, true.
  - Comments – Any comments about the policy.
Binding the OAuthIDP policy and LDAP policy to the authentication virtual server
- Navigate to Configuration > Security > AAA-Application Traffic > Policies > Authentication > Advanced Policies > Actions > LDAP.
- On the LDAP Actions screen, click Add.
- On the Create Authentication LDAP Server screen, set the values for the following parameters, and click Create.
  - Name – The name of the LDAP action.
  - ServerName/ServerIP – Provide the FQDN or IP of the LDAP server.
  - Choose appropriate values for Security Type, Port, Server Type, Time-Out.
  - Make sure Authentication is checked.
  - Base DN – Base from which to start the LDAP search. For example, dc=aaa,dc=local.
  - Administrator Bind DN – Username for the bind to the LDAP server. For example, admin@aaa.local.
  - Administrator Password/Confirm Password – Password to bind to LDAP.
  - Click Test Connection to test your settings.
  - Server Logon Name Attribute – Choose "sAMAccountName".
  - Other fields are not mandatory and hence can be configured as required.
- Navigate to Configuration > Security > AAA-Application Traffic > Policies > Authentication > Advanced Policies > Policy.
- On the Authentication Policies screen, click Add.
- On the Create Authentication Policy page, set the values for the following parameters and click Create.
  - Name – Name of the LDAP authentication policy.
  - Action Type – Choose LDAP.
  - Action – Choose the LDAP action created above.
  - Expression – Default syntax expression that the policy uses to respond to a specific request. For example, true.
To configure the NetScaler appliance as an IdP using the OpenID Connect protocol with the command line
At the command prompt, type the following commands:
- add authentication OAuthIDPProfile <name> [-clientID <string>] [-clientSecret ] [-redirectURL <URL>] [-issuer <string>] [-audience <string>] [-skewTime <mins>] [-defaultAuthenticationGroup <string>]
- add authentication OAuthIdPPolicy <name> -rule <expression> [-action <string>] [-undefAction <string>] [-comment <string>] [-logAction <string>]
- add authentication ldapAction aaa-ldap-act -serverIP 10.0.0.10 -ldapBase "dc=aaa,dc=local" -ldapBindDn <administrator@aaa.local> -ldapBindDnPassword <password> -ldapLoginName sAMAccountName
- add authentication policy aaa-ldap-adv-pol -rule true -action aaa-ldap-act
- bind authentication vserver auth_vs -policy <ldap_policy_name> -priority 100 -gotoPriorityExpression NEXT
- bind authentication vserver auth_vs -policy <OAuthIDPPolicyName> -priority 5 -gotoPriorityExpression END
- bind vpn global -certkey <>
Note
You can bind more than one key. The public parts of the bound certificates are sent in response to a jwks_uri query (https://gw/oauth/idp/certs).