
Setting Up an Authentication Virtual Server

Oct 30, 2015

All authentication requests are redirected by the traffic management virtual server (load balancing or content switching) to the authentication virtual server. This virtual server processes the associated authentication policies and accordingly provides access to the application.

To set up an authentication virtual server by using the NetScaler CLI

  1. Enable the AAA feature.

    ns-cli-prompt> enable ns feature AAA

  2. Configure an authentication virtual server. It must be of type SSL, and you must bind an SSL certificate-key pair to it.

    ns-cli-prompt> add authentication vserver <name> SSL <ipaddress> <port>

    ns-cli-prompt> bind ssl certkey <auth-vserver-name> <certkey>

  3. Specify the FQDN of the domain for the authentication virtual server.

    ns-cli-prompt> set authentication vserver <name> -authenticationDomain <FQDN>

  4. Associate the authentication virtual server with the relevant traffic management virtual server.

    Note: The FQDN of the traffic management virtual server must be in the same domain as the FQDN of the authentication virtual server for the domain session cookie to function correctly.

    On the traffic management virtual server:

    - Enable authentication.
    - Specify the FQDN of the authentication virtual server as the authentication host of the traffic management virtual server.
    - [Optional] Specify the authentication domain on the traffic management virtual server.

    Note: If you do not configure the authentication domain, the appliance assigns an FQDN that consists of the FQDN of the authentication virtual server without the hostname portion. For example, if the domain name of the authentication virtual server is tm.xyz.bar.com, the appliance assigns xyz.bar.com as the authentication domain.

    For load balancing:
    ns-cli-prompt> set lb vserver <name> -authentication ON -authenticationhost <FQDN> [-authenticationdomain <authdomain>]

    For content switching:
    ns-cli-prompt> set cs vserver <name> -authentication ON -authenticationhost <FQDN> [-authenticationdomain <authdomain>]

  5. Verify that both virtual servers are UP and configured correctly.

    ns-cli-prompt> show authentication vserver <name>
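The two notes in step 4 can be checked before the commands are applied. The following Python check is an added example, not NetScaler or Citrix code: it derives the default authentication domain as the note describes and lists traffic management FQDNs that fall outside it, assuming standard browser cookie domain matching. The function names and every sample FQDN other than tm.xyz.bar.com are constructed for illustration.

```python
import ipaddress


def normalize(fqdn):
    """Lower-case and drop a trailing root dot so comparisons are exact."""
    return fqdn.strip().lower().rstrip(".")


def default_auth_domain(auth_fqdn):
    """Domain the appliance assigns when -authenticationDomain is not set:
    the authentication vserver FQDN without its hostname (first) label."""
    host, _, domain = normalize(auth_fqdn).partition(".")
    if not host or "." not in domain:
        # Assumption of this example: a parent of one label or none
        # (e.g. "com") is not usable as a cookie domain, so it is rejected.
        raise ValueError(f"{auth_fqdn!r}: no usable parent domain")
    return domain


def in_domain(fqdn, domain):
    """Cookie domain-match (RFC 6265 section 5.1.3): equal to the domain, or a
    subdomain of it on a label boundary. IP literals never match."""
    fqdn, domain = normalize(fqdn), normalize(domain).lstrip(".")
    try:
        ipaddress.ip_address(fqdn)
        return False
    except ValueError:
        pass
    return fqdn == domain or fqdn.endswith("." + domain)


def check(auth_fqdn, tm_fqdns, auth_domain=None):
    """Return (domain, [TM FQDNs outside it]). An empty list means every
    traffic management vserver can receive the domain session cookie."""
    domain = normalize(auth_domain).lstrip(".") if auth_domain else default_auth_domain(auth_fqdn)
    if not in_domain(auth_fqdn, domain):
        raise ValueError(f"auth vserver {auth_fqdn!r} is outside {domain!r}")
    return domain, [f for f in tm_fqdns if not in_domain(f, domain)]


if __name__ == "__main__":
    # Constructed sample values; tm.xyz.bar.com is the page's own example.
    domain, bad = check("tm.xyz.bar.com",
                        ["app1.xyz.bar.com", "app2.bar.com", "notxyz.bar.com"])
    print("authentication domain:", domain)
    print("outside domain:", bad)
```

A traffic management FQDN reported as outside the domain needs either a different hostname or an explicitly configured, broader authentication domain that covers both virtual servers.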

To set up an authentication virtual server by using the NetScaler GUI

  1. Enable the AAA feature.

    Navigate to System > Settings, click Configure Basic features, and enable Authentication, Authorization and Auditing.

  2. Configure the authentication virtual server.

    Navigate to Security > AAA - Application Traffic > Virtual Servers, and configure as required (refer to the settings in the CLI procedure above).

  3. Configure the traffic management virtual server for authentication.

    For load balancing:
    Navigate to Traffic Management > Load Balancing > Virtual Servers, and configure the virtual server as required (refer to the settings in the CLI procedure above).

    For content switching:
    Navigate to Traffic Management > Content Switching > Virtual Servers, and configure the virtual server as required (refer to the settings in the CLI procedure above).

  4. Verify the authentication setup.

    Navigate to Security > AAA - Application Traffic > Virtual Servers, and check the details of the relevant authentication virtual server.