Citrix NetScaler - SAML My Page SSO Configuration - RSA Ready Implementation Guide
a year ago

This article describes how to integrate Citrix NetScaler with RSA Cloud Authentication Service using My Page SSO.

          

Configure RSA Cloud Authentication Service

Perform these steps to configure RSA Cloud Authentication Service using My Page SSO.
Procedure 

  1. Sign in to RSA Cloud Administration Console and browse to Applications > Application Catalog.
  2. Search for Citrix NetScaler and click Add to add the connector.
  3. On the Basic Information page, choose Cloud.
  4. Enter a name for the application in the Name field and click Next Step.
  5. On the Connection Profile page, navigate to the Initiate SAML Workflow section and choose IdP-initiated.
  6. Scroll down to the Service Provider section and enter the following details:
    1. ACS URL: The format is https://<ns_vs_hostname>/cgi/samlauth. Replace <ns_vs_hostname> with the hostname or IP address of your NetScaler virtual server, which can be obtained from the Citrix NetScaler configuration.
    2. Service Provider Entity ID: The format is <ns_vs_hostname>, where <ns_vs_hostname> represents the hostname or IP address of your NetScaler virtual server, which can be retrieved from the Citrix NetScaler configuration.
  7. Scroll down to the Identity Provider section. Make a note of the Identity Provider URL as it is needed for the Citrix NetScaler configuration.
  8. Navigate to the Message Protection section and click Download Certificate. Make a note of the downloaded certificate as it is required for the Citrix NetScaler configuration. 
  9. Scroll down to the User Identity section and select the following values:
    1. Identifier Type – emailAddress
    2. Property – mail
  10. Click Next Step.
  11. On the User Access page, select the access policy that the identity router will use to determine which users can access the application.
  12. Click Next Step.
  13. On the Portal Display page, configure the portal display and other settings and click Next Step.
  14. On the Fulfillment page, configure your preferred settings or leave the Fulfillment toggle disabled, and then click Save and Finish.
  15. Click Publish Changes and wait for the operation to be completed.

    After publishing, your application is now enabled for SSO. 

   

Configure Citrix NetScaler

Perform these steps to configure Citrix NetScaler.
Procedure 

  1. Log on to the Citrix NetScaler Gateway web administration console.
  2. Browse to Configuration > NetScaler Gateway > Policies > Authentication > SAML and click Add.
  3. Enter a name for the SAML Authentication Policy, and then click Add next to the Server drop-down list.
  4. Configure the SAML Authentication Server settings and click Create.
    1. Enter a Name for the Authentication SAML Server.
    2. In the Redirect URL field, enter the Identity Provider URL that was provided in the RSA Cloud Authentication Service configuration.
    3. In the IDP Certificate Name drop-down list, select the public certificate provided in the RSA Cloud Authentication Service configuration. If the certificate was not added, refer to the steps in the Notes section to add it.
    4. Type mail in User Field.
  5. On the SAML Authentication Policy page, type ns_true in the Expression field and click Create.
  6. Navigate to Configuration > NetScaler Gateway > Virtual Servers.
  7. Take note of the Name and IP Address of the NetScaler Virtual Server. These are needed for the RSA Cloud Authentication Service configuration.
  8. Click to edit the NetScaler Gateway Virtual Server.
  9. Click + to bind a Basic Authentication policy.
  10. Select SAML Policy and Primary Type and click Continue.
  11. Click the > icon to select the policy.
  12. Select the authentication policy that was configured earlier to bind it and click Select.
  13. Set the Priority and click Bind.
  14. Click Done.

The configuration is complete.
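
When a test sign-in fails, the values entered in both procedures can be compared against a base64-decoded SAML response captured from that sign-in. The following is an added example, not part of the RSA or Citrix material: the function name, the hostname gateway.example.test and the sample response are constructed, and the emailAddress NameID Format URN shown is an assumption about what the IdP emits.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


def check_response(xml_text, ns_vs_hostname):
    """List mismatches between a decoded SAML Response and the guide's settings.

    The signature is not verified here; NetScaler does that with the IdP certificate.
    """
    acs_url = f"https://{ns_vs_hostname}/cgi/samlauth"  # ACS URL format from the guide
    entity_id = ns_vs_hostname                          # Service Provider Entity ID
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs_url:
        problems.append(f"Destination {root.get('Destination')!r} is not {acs_url!r}")
    if root.get("InResponseTo") is not None:
        problems.append("InResponseTo is set, but the workflow is IdP-initiated")
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} lacks Entity ID {entity_id!r}")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("no Subject/NameID element")
    else:
        if not (name_id.get("Format") or "").endswith(":emailAddress"):
            problems.append(f"NameID Format {name_id.get('Format')!r} is not emailAddress")
        if "@" not in (name_id.text or ""):
            problems.append("NameID value is not a mail address")
    return problems


# Constructed sample, not captured from a deployment; hostname and user are placeholders.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://gateway.example.test/cgi/samlauth">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.test</saml:NameID>
    </saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>gateway.example.test</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(check_response(SAMPLE, "gateway.example.test") or "matches the guide's settings")
```

An empty list means the response agrees with the ACS URL, Entity ID, workflow type and User Identity settings above; each entry otherwise names the setting to recheck.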

  

Notes

In the NetScaler Gateway web administration console, you may not have a NetScaler virtual server initially. In this case, you will need to create your virtual server, assign it a preferred name, and assign an IP address. 

You can configure as many virtual servers as necessary, but ensure that the state of the virtual server is set to Up for proper functionality.

If you need to add a public certificate, follow these steps:

  1. Navigate to Traffic Management > SSL > Certificates.
  2. Click Install.
  3. Enter a name for the certificate-key pair.
  4. Click Choose File next to the certificate file name field. A file browser appears, allowing you to select and upload your certificate file. 
  5. Select the file and click Open to confirm.
  6. Set the Certificate Format to PEM.
  7. Click Install.
    Your certificate is added and available for future use.

 
