Configuring SAML single sign-on

To provide single sign-on capabilities across applications that are hosted on the service provider, you can configure SAML single sign-on on the SAML SP.

Configuring SAML single sign-on by using the command line interface

  1. Configure the SAML SSO profile.

    Example

    In the following command, Example is the load balancing virtual server that has a web link from the SharePoint portal. Nssp.example.com is the Traffic Management virtual server that is load balancing the SharePoint server.

    add tm samlSSOProfile tm-saml-sso -samlSigningCertName nssp -assertionConsumerServiceURL "https://nssp2.example.com/cgi/samlauth" -relaystateRule "\"https://nssp2.example.com/samlsso.html\"" -sendPassword ON -samlIssuerName nssp.example.com

  2. Associate the SAML SSO profile with the traffic action.

    Example

    The following command enables SSO and binds the SAML SSO profile created above to a traffic action.

    add tm trafficAction html_act -SSO ON -samlSSOProfile tm-saml-sso

  3. Configure the traffic policy that specifies when the action must be executed.

    Example

    The following command associates the traffic action with a traffic policy.

    add tm trafficPolicy html_pol "HTTP.REQ.URL.CONTAINS(\"abc.html\")" html_act

  4. Bind the traffic policy created above to a traffic management virtual server (load balancing or content switching). Alternatively, the traffic policy can be associated globally.

    Note

    This traffic management virtual server must be associated with the relevant authentication virtual server that is associated with the SAML action.

    bind lb vserver lb1_ssl -policyName html_pol -priority 100 -gotoPriorityExpression END -type REQUEST
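The four steps above only take effect when the profile, traffic action, traffic policy, and binding all reference each other correctly. The following Python check is an added example, not part of the original page or of the product: it reads saved configuration lines and reports a broken chain, a non-HTTPS assertion consumer service URL, and `-sendPassword ON`. The names `parse`, `audit`, and `SAMPLE_CONFIG` are hypothetical, the sample input is constructed from the commands above, and the reading of `-sendPassword ON` as placing the user's password in the assertion is an assumption.

```python
import shlex

# Constructed sample: the four commands from the procedure, as saved config lines.
SAMPLE_CONFIG = r'''
add tm samlSSOProfile tm-saml-sso -samlSigningCertName nssp -assertionConsumerServiceURL "https://nssp2.example.com/cgi/samlauth" -relaystateRule "\"https://nssp2.example.com/samlsso.html\"" -sendPassword ON -samlIssuerName nssp.example.com
add tm trafficAction html_act -SSO ON -samlSSOProfile tm-saml-sso
add tm trafficPolicy html_pol "HTTP.REQ.URL.CONTAINS(\"abc.html\")" html_act
bind lb vserver lb1_ssl -policyName html_pol -priority 100 -gotoPriorityExpression END -type REQUEST
'''

def parse(line):
    """Split a CLI line into positional words and a dict of -option values."""
    pos, opts, words = [], {}, shlex.split(line)
    while words:
        word = words.pop(0)
        if word.startswith("-") and words:
            opts[word.lower()] = words.pop(0)
        else:
            pos.append(word)
    return pos, opts

def audit(config):
    """Return findings for a broken or risky SAML SSO profile/action/policy chain."""
    profiles, actions, policies, bound, findings = {}, {}, {}, set(), []
    for line in filter(None, map(str.strip, config.splitlines())):
        pos, opts = parse(line)
        kind = " ".join(pos[:3]).lower()
        if kind in ("add tm samlssoprofile", "add tm trafficaction") and len(pos) > 3:
            (profiles if kind.endswith("profile") else actions)[pos[3]] = opts
        elif kind == "add tm trafficpolicy" and len(pos) > 5:
            policies[pos[3]] = pos[5]          # policy name -> action name
        elif kind.startswith("bind ") and "-policyname" in opts:
            bound.add(opts["-policyname"])     # virtual server or global binding
    for name, o in profiles.items():
        if not o.get("-assertionconsumerserviceurl", "").lower().startswith("https://"):
            findings.append(f"profile {name}: assertion consumer service URL is not https")
        # Assumption: -sendPassword ON puts the user's password in the assertion.
        if o.get("-sendpassword", "").upper() == "ON":
            findings.append(f"profile {name}: -sendPassword is ON")
    for name, o in actions.items():
        if o.get("-sso", "").upper() != "ON":
            findings.append(f"action {name}: SSO is not ON")
        if o.get("-samlssoprofile") not in profiles:
            findings.append(f"action {name}: SAML SSO profile is not defined")
    for name, action in policies.items():
        if action not in actions:
            findings.append(f"policy {name}: traffic action is not defined")
        if name not in bound:
            findings.append(f"policy {name}: not bound to a virtual server or globally")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` on the commands from this page returns a single finding, for `-sendPassword ON`.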

Configuring SAML single sign-on by using the graphical user interface

  1. Define the SAML SSO profile, the traffic profile, and the traffic policy.

    Navigate to Security > AAA - Application Traffic > Policies > Traffic, select the appropriate tab, and configure the settings.

  2. Bind the traffic policy to a traffic management virtual server or globally to the NetScaler appliance.