-
Getting Started with Citrix NetScaler
-
Deploy a Citrix NetScaler VPX instance
-
Install a Citrix NetScaler VPX instance on Microsoft Hyper-V servers
-
Install a NetScaler VPX instance on Linux-KVM platform
-
Prerequisites for Installing NetScaler VPX Virtual Appliances on Linux-KVM Platform
-
Provisioning the NetScaler Virtual Appliance by using OpenStack
-
Provisioning the NetScaler Virtual Appliance by using the Virtual Machine Manager
-
Configuring NetScaler Virtual Appliances to Use SR-IOV Network Interface
-
Configuring NetScaler Virtual Appliances to use PCI Passthrough Network Interface
-
Provisioning the NetScaler Virtual Appliance by using the virsh Program
-
-
Deploying NetScaler VPX Instances on AWS
-
Upgrade and downgrade a NetScaler appliance
-
-
-
NetScaler as a SAML IdP
-
-
-
-
-
Overriding Static Proximity Behavior by Configuring Preferred Locations
-
Example of a Complete Parent-Child Configuration Using the Metrics Exchange Protocol
-
Configuring Global Server Load Balancing for DNS Queries with NAPTR records
-
Using the EDNS0 Client Subnet Option for Global Server Load Balancing
-
-
Persistence and persistent connections
-
Advanced load balancing settings
-
Gradually stepping up the load on a new service with virtual server–level slow start
-
Protect applications on protected servers against traffic surges
-
Use source IP address of the client when connecting to the server
-
Set a limit on number of requests per connection to the server
-
Configure automatic state transition based on percentage health of bound services
-
-
Use case 2: Configure rule based persistence based on a name-value pair in a TCP byte stream
-
Use case 3: Configure load balancing in direct server return mode
-
Use case 6: Configure load balancing in DSR mode for IPv6 networks by using the TOS field
-
Use case 7: Configure load balancing in DSR mode by using IP Over IP
-
Use case 10: Load balancing of intrusion detection system servers
-
Use case 11: Isolating network traffic using listen policies
-
Use case 14: ShareFile wizard for load balancing Citrix ShareFile
-
-
-
-
-
Configuring a CloudBridge Connector Tunnel between two Datacenters
-
Configuring CloudBridge Connector between Datacenter and AWS Cloud
-
Configuring a CloudBridge Connector Tunnel Between a Datacenter and Azure Cloud
-
Configuring CloudBridge Connector Tunnel between Datacenter and SoftLayer Enterprise Cloud
-
Configuring a CloudBridge Connector Tunnel Between a NetScaler Appliance and Cisco IOS Device
-
CloudBridge Connector Tunnel Diagnostics and Troubleshooting
Thank you for the feedback
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已动态机器翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
This content has been machine translated dynamically.
This content has been machine translated dynamically.
This content has been machine translated dynamically.
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.
Este artigo foi traduzido automaticamente.
这篇文章已经过机器翻译.放弃
Translation failed!
NetScaler appliance as a SAML IdP
The SAML IdP (Identity Provider) is a SAML entity that is deployed on the customer network. The IdP receives requests from the SAML SP and redirects users to a logon page, where they must enter their credentials. The IdP authenticates these credentials with the user directory (external authentication server, such as LDAP) and then generates a SAML assertion that is sent to the SP.
The SP validates the token, and the user is then granted access to the requested protected application.
When the NetScaler appliance is configured as an IdP, all requests are received by an authentication virtual server that is associated with the relevant SAML IdP profile.
Note
A NetScaler appliance can be used as a IdP in a deployment where the SAML SP is configured either on the appliance or on any external SAML SP.
When used as a SAML IdP, a NetScaler appliance:
-
Supports all authentication methods that it supports for traditional logons.
-
Digitally signs assertions. Support for the SHA256 algorithm is introduced in NetScaler 11.0 Build 55.x.
-
Supports single-factor and two-factor authentication. SAML must not be configured as the secondary authentication mechanism.
-
Can encrypt assertions by using the public key of the SAML SP. This is recommended when the assertion includes sensitive information. Support introduced in NetScaler 11.0 Build 55.x.
-
Can be configured to accept only digitally signed requests from the SAML SP. Support introduced in NetScaler 11.0 Build 55.x.
-
Can log on to the SAML IdP by using the following 401-based authentication mechanisms: Negotiate, NTLM, and Certificate. Support introduced in NetScaler 11.0 Build 55.x.
-
Can be configured to send 16 attributes in addition to the NameId attribute. The attributes must be extracted from the appropriate authentication server. For each of them, you can specify the name, the expression, the format, and a friendly name in the SAML IdP profile. Support introduced in NetScaler 11.0 Build 55.x.
-
If the NetScaler appliance is configured as a SAML IdP for multiple SAML SP, a user can gain access to applications on the different SPs without explicitly authenticating every time. The NetScaler appliance creates a session cookie for the first authentication, and every subsequent request uses this cookie for authentication. Support introduced in NetScaler 11.0 Build 55.x.
-
Can send multi-valued attributes in a SAML assertion. Support introduced in NetScaler 11.0 Build 64.x.
-
Supports post and redirect bindings. Support for redirect bindings is introduced in NetScaler 11.0 Build 64.x.
-
Can specify the validity of a SAML assertion.
If the system time on NetScaler appliance SAML IdP and the peer SAML SP is not in sync, the messages might get invalidated by either party. To avoid such cases, you can now configure the time duration for which the assertions will be valid.
This duration, called the “skew time,” specifies the number of minutes for which the message should be accepted. The skew time can be configured on the SAML SP and the SAML IdP.
Note
Support introduced in NetScaler 11.0 Build 64.x.
-
Can be configured to serve assertions only to SAML SPs that are pre-configured on or trusted by the IdP. For this configuration, the SAML IdP must have the service provider ID (or issuer name) of the relevant SAML SPs. Support introduced in NetScaler 11.0 Build 64.x.
Note
Before proceeding, make sure that you have an authentication virtual server that is linked to an LDAP authentication server.
To configure a NetScaler appliance as a SAML IdP by using the command line interface
-
Configure a SAML IdP profile.
Example
Adding NetScaler appliance as an IdP with SiteMinder as the SP.
add authentication samlIdPProfile samlIDPProf1 -samlSPCertName siteminder-cert -encryptAssertion ON -samlIdPCertName ns-cert -assertionConsumerServiceURL http://sm-proxy.nsi-test.com:8080/affwebservices/public/saml2assertionconsumer -rejectUnsignedRequests ON -signatureAlg RSA-SHA256 -digestMethod SHA256 -
Configure the SAML authentication policy and associate the SAML IdP profile as the action of the policy.
add authentication samlIdPPolicy samlIDPPol1 -rule ns\_true -action samlIDPProf1 -
Bind the policy to the authentication virtual server.
bind authentication vserver saml-auth-vserver -policy samlIDPPol1 -priority 100
To configure a NetScaler appliance as a SAML IdP by using the graphical user interface
-
Configure the SAML IdP profile and policy.
Navigate to Security > AAA - Application Traffic > Policies > Authentication > Advanced Policies > Policy, and create a policy with SAML IdP as the action type, and associate the required SAML IdP profile with the policy.
-
Associate the SAML IdP policy with an authentication virtual server.
Navigate to Security > AAA - Application Traffic > Virtual Servers, and associate the SAML IdP policy with the authentication virtual server.
Thank you for the feedback
Share
Share
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select Do Not Agree to exit.