To provide single sign-on capabilities across applications that are hosted on the service provider, you can configure SAML single sign-on on the SAML SP.
Configuring SAML single sign-on by using the command line interface
- Configure the SAML SSO profile.
Example: In the following command, https://nssp2.example.com is the load balancing virtual server that has a web link from the SharePoint portal. Nssp.example.com is the Traffic Management virtual server that is load balancing the SharePoint server.
> add tm samlSSOProfile tm-saml-sso -samlSigningCertName nssp -assertionConsumerServiceURL "https://nssp2.example.com/cgi/samlauth" -relaystateRule "\"https://nssp2.example.com/samlsso.html\"" -sendPassword ON -samlIssuerName nssp.example.com
- Associate the SAML SSO profile with the traffic action.
Example: The following command enables SSO and binds the SAML SSO profile created above to a traffic action.
> add tm trafficAction html_act -SSO ON -samlSSOProfile tm-saml-sso
- Configure the traffic policy that specifies when the action must be executed.
Example: The following command associates the traffic action with a traffic policy.
> add tm trafficPolicy html_pol "HTTP.REQ.URL.CONTAINS(\"abc.html\")" html_act
- Bind the traffic policy created above to a traffic management virtual server (load balancing or content switching). Alternatively, the traffic policy can be associated globally.
Note: This traffic management virtual server must be associated with the relevant authentication virtual sever that is associated with the SAML action.
> bind lb vserver lb1_ssl -policyName html_pol -priority 100 -gotoPriorityExpression END -type REQUEST
Configuring SAML single sign-on by using the graphical user interface
- Define the SAML SSO profile, the traffic profile, and the traffic policy.
Navigate to Security > AAA - Application Traffic > Policies > Traffic, select the appropriate tab, and configure the settings.
- Bind the traffic policy to a traffic management virtual server or globally to the NetScaler appliance.