Create a Logon Procedure

  1. Log in to the DualShield Administration Console
  2. In the main menu, navigate to “Authentication | Logon Procedures”
  3. Click the “+ CREATE” button on the toolbar
  4. Enter an appropriate “Name” and select “Web SSO” as the type.

  5. Click “SAVE” to create.
  6. Click the context "..." menu icon of the newly created Logon Procedure, then select “Logon Steps”
  7. Click "+ ADD" to select and add each authentication method in turn.
  8. Select the first desired authentication method, such as “Static Password” (AD Password)
  9. Click "SAVE" to confirm.
  10. Repeat Steps 7-9 to add more logon steps if desired, e.g. "One-Time Password"

Create a new Web Application

  1. In the main menu, navigate to “Authentication | Applications”
  2. Click the “+ CREATE” button on the toolbar
  3. Enter an appropriate friendly “Name”
  4. Select the internal AD “Realm”
  5. Select the Logon Procedure created in the previous step
  6. Click "SAVE" to create.
  7. Click the context "..." menu of the newly created Application, then select "Agents" to associate the SSO Server.
  8. Select the "Single Sign-on Server / SSO Server"
  9. Click "SAVE" to update.
  10. Click the context "..." menu of the newly created application, select "Self Test"

Create a Service Provider

  1. In the main menu, navigate to “SSO | Service Providers”
  2. Click the “+ CREATE” button on the toolbar
  3. In the “SSO Server” field, select "Single Sign-On Server" from the list
  4. At the "Application" drop-down, select the Citrix SAML Application created previously.
  5. In the "Name" field, enter an appropriate friendly name for the Service Provider to be created.
  6. In the "Type" field, select “SAML 2.0”
  7. Select the "CREATE METADATA" button.
    In the box that appears, paste the Metadata of the Service Provider to be created.

    Use the template below to create the Metadata. Change the value of the "entityID" and "Location" attributes (highlighted in red) to the FQDN of your NetScaler Gateway Virtual Server.


    <?xml version="1.0" encoding="UTF-8" ?>
    <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://ageesaml.deepnetqa.com">
        <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
            <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
            <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://ageesaml.deepnetqa.com/cgi/samlauth" index="0" isDefault="true">
            </AssertionConsumerService>
        </SPSSODescriptor>
    </EntityDescriptor>
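
A pre-flight check for metadata built from the template above, as an added example that is not part of the original page or of DualShield's own tooling: it confirms that both "entityID" and "Location" point at the gateway FQDN over HTTPS and that signed assertions are still required. The helper name `check_sp_metadata`, the host `gateway.example.com` and the sample metadata are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
TEMPLATE_HOST = "ageesaml.deepnetqa.com"  # sample host used in the page's template

TEMPLATE = (  # constructed sample: the page's template with the two hosts as fields
    '<?xml version="1.0" encoding="UTF-8" ?>'
    '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"'
    ' entityID="https://{entity}"><SPSSODescriptor WantAssertionsSigned="true"'
    ' protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    '<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"'
    ' Location="https://{acs}/cgi/samlauth" index="0" isDefault="true"/>'
    '</SPSSODescriptor></EntityDescriptor>'
)


def check_sp_metadata(xml_text, gateway_fqdn):
    """Return the problems found in SP metadata built from the template (hypothetical helper)."""
    want = gateway_fqdn.lower()
    root = ET.fromstring(xml_text.strip())
    problems = []
    entity = urlsplit(root.get("entityID", ""))
    if entity.scheme != "https" or entity.hostname != want:
        problems.append("entityID is not https://" + want)
    sp = root.find(MD + "SPSSODescriptor")
    if sp is None:
        return problems + ["SPSSODescriptor is missing"]
    if sp.get("WantAssertionsSigned") != "true":
        problems.append("WantAssertionsSigned is not true")
    endpoints = sp.findall(MD + "AssertionConsumerService")
    if not endpoints:
        problems.append("no AssertionConsumerService endpoint")
    for acs in endpoints:
        loc = urlsplit(acs.get("Location", ""))
        if loc.scheme != "https" or loc.hostname != want:
            problems.append("ACS Location is not on https://" + want)
        if loc.path != "/cgi/samlauth":
            problems.append("ACS path is not the template's /cgi/samlauth")
        if acs.get("Binding") != POST:
            problems.append("ACS binding is not HTTP-POST")
    if want != TEMPLATE_HOST and TEMPLATE_HOST in xml_text:
        problems.append("template sample host is still present")
    return problems

if __name__ == "__main__":
    half_edited = TEMPLATE.format(entity="gateway.example.com", acs=TEMPLATE_HOST)
    print(check_sp_metadata(half_edited, "gateway.example.com"))
```

An empty list means the metadata is consistent with the template and the gateway FQDN passed in.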
