Product Documentation

Configuring SAML Single Sign-on

Aug 31, 2016

To provide single sign-on capabilities across applications that are hosted on the service provider, you can configure SAML single sign-on on the SAML SP.

Configuring SAML single sign-on by using the command line interface

  1. Configure the SAML SSO profile.

    Example: In the following command, https://nssp2.example.com is the load balancing virtual server that has a web link from the SharePoint portal, and nssp.example.com is the traffic management virtual server that load balances the SharePoint server.
    > add tm samlSSOProfile tm-saml-sso -samlSigningCertName nssp -assertionConsumerServiceURL "https://nssp2.example.com/cgi/samlauth" -relaystateRule "\"https://nssp2.example.com/samlsso.html\"" -sendPassword ON -samlIssuerName nssp.example.com

  2. Associate the SAML SSO profile with the traffic action.

    Example: The following command enables SSO and binds the SAML SSO profile created above to a traffic action.
    > add tm trafficAction html_act -SSO ON -samlSSOProfile tm-saml-sso

  3. Configure the traffic policy that specifies when the action must be executed.

    Example: The following command associates the traffic action with a traffic policy.
    > add tm trafficPolicy html_pol "HTTP.REQ.URL.CONTAINS(\"abc.html\")" html_act

  4. Bind the traffic policy created above to a traffic management virtual server (load balancing or content switching). Alternatively, the traffic policy can be associated globally.

    Note: This traffic management virtual server must be associated with the relevant authentication virtual server that is associated with the SAML action.

    > bind lb vserver lb1_ssl -policyName html_pol -priority 100 -gotoPriorityExpression END -type REQUEST
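
An added example, not part of the original documentation or NetScaler tooling: a Python check that reads saved configuration text and confirms that every SAML SSO traffic action is complete along the profile, action, policy, binding chain built in steps 1 to 4. The sample configuration is constructed from the commands above plus a hypothetical `orphan_act`; treating a non-HTTPS consumer URL and `-sendPassword ON` as review items is this example's assumption.

```python
import shlex

# Constructed sample: steps 1-4 above plus a hypothetical action (orphan_act).
SAMPLE_CONFIG = r'''
add tm samlSSOProfile tm-saml-sso -samlSigningCertName nssp -assertionConsumerServiceURL "https://nssp2.example.com/cgi/samlauth" -relaystateRule "\"https://nssp2.example.com/samlsso.html\"" -sendPassword ON -samlIssuerName nssp.example.com
add tm trafficAction html_act -SSO ON -samlSSOProfile tm-saml-sso
add tm trafficAction orphan_act -SSO ON -samlSSOProfile missing-profile
add tm trafficPolicy html_pol "HTTP.REQ.URL.CONTAINS(\"abc.html\")" html_act
bind lb vserver lb1_ssl -policyName html_pol -priority 100 -gotoPriorityExpression END -type REQUEST
'''

def options(tokens):
    """Collect '-name value' pairs from a tokenized command (keys lowercased)."""
    return {t[1:].lower(): v for t, v in zip(tokens, tokens[1:]) if t.startswith("-")}

def audit(config_text):
    """Check each profile -> action -> policy -> binding chain; return findings."""
    profiles, actions, policies, bound, out = {}, {}, {}, set(), []
    for line in config_text.splitlines():
        tok = shlex.split(line.lstrip("> "))  # tolerate a leading CLI prompt
        head = [t.lower() for t in tok[:3]]
        if head == ["add", "tm", "samlssoprofile"]:
            profiles[tok[3]] = options(tok)
        elif head == ["add", "tm", "trafficaction"] and "samlssoprofile" in options(tok):
            actions[tok[3]] = options(tok)  # only actions that name a SAML SSO profile
        elif head == ["add", "tm", "trafficpolicy"] and len(tok) >= 6:
            policies[tok[3]] = tok[5]  # policy name -> action it runs
        elif head[:1] == ["bind"] and "policyname" in options(tok):
            bound.add(options(tok)["policyname"])  # virtual server or global bind
    for name, opts in actions.items():
        prof = opts["samlssoprofile"]
        if opts.get("sso", "").upper() != "ON":
            out.append(f"action {name}: profile set but -SSO is not ON")
        if prof not in profiles:
            out.append(f"action {name}: samlSSOProfile {prof} is not defined")
        used = [p for p, a in policies.items() if a == name]
        if not used:
            out.append(f"action {name}: no traffic policy references it")
        out += [f"policy {p}: not bound to a virtual server or globally"
                for p in used if p not in bound]
    for name, opts in profiles.items():
        if not opts.get("assertionconsumerserviceurl", "").lower().startswith("https://"):
            out.append(f"profile {name}: assertionConsumerServiceURL is not https")
        if opts.get("sendpassword", "").upper() == "ON":  # review item (assumption)
            out.append(f"profile {name}: -sendPassword is ON, confirm it is required")
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)) or "no findings")
```
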

Configuring SAML single sign-on by using the graphical user interface

  1. Define the SAML SSO profile, the traffic profile, and the traffic policy.

    Navigate to Security > AAA - Application Traffic > Policies > Traffic, select the appropriate tab, and configure the settings.

  2. Bind the traffic policy to a traffic management virtual server or globally to the NetScaler appliance.