Page History

Table of Contents

Create a Logon Procedure for ADC Citrix Gateway

Login to the DualShield Administration Console
In the main menu, select navigate to "Authentication > | Logon Procedures

...

"

...

Click the "

...

+ CREATE" button on the toolbar

...

Enter a friendly "Name" and select "Web SSO" as the

...

Type:

5. Click SaveClick "SAVE" button to create.
6. Click the Context Menu icon context "..." menu of the newly create logon procedure, select created Logon Procedure, then select "Logon Steps"

Image Removed

7. In the popup windows, click on Add

Image Removed

8. Select the desired authentication method, e.g. Static Password

Image Removed

9. Click Save

10.Repeat step 7-9 to add more logon steps if desired, e.g. Click "+ ADD" to select and add a Logon Step. Repeat for both "Static Password" (AD Password) and "One-Time Password.

...

":

Image Added

Create an Application for ADC Citrix Gateway

In the main menu, select Authentication > Application

Image Removed

2. Click on Create

Image Removed

3. Enter Name

4. Select Realm from drop-down list and Logon Procedure from search button.

Image Removed

navigate to "Authentication | Applications"
Click "+ CREATE" button, to create the new Application
Name: Enter an appropriate friendly "Name"
Realm: Select your internal AD "Realm"
Logon Procedure: Select the Logon Procedure created in the previous step.

Image Added

5. Click "SAVE" button to create the new Application5. Click Save
6. Click the context "..." menu of the newly created applicationApplication, then select "Agents":

Image Added Image Removed

7. Select From the list select "Single Sign-on Server / SSO Server":

Image AddedImage Removed

8. Click Save"SAVE" button to confirm.
9. Click the context "..." menu of the newly created applicationApplication, select then "Self Test

Image Removed

If configured correctly all the tests should pass, as below.

Image Removed

"

Image Added

Create a SAML Service Provider for ADC Citrix Gateway

In the main menu, select navigate to "SSO > | Service Providers"

Image Removed

2. Click Create

Image Removed

3. In the SSO Server field, select your DualShield SSO server from the list

4. In the Name field, enter the name for the Service Provider to be created

5. In the Type field, select SAML 2.0

Image Removed

Click on Create Metadata
In the "Metadata" box, enter the metadata* of the service provider to be created.

...

Click "+ CREATE" to setup a new Provider
SSO Server: Select default "Single Sign-on Server"
Name: Enter an appropriate friendly "Name".
Type: Select from the drop-down "SAML 2.0".

Image Added

6. Click the "CREATE METADATA" button.
7. In the Metadata box that appears, paste in the Metadata, exported from the Service Provider (*see template below)

Image Added

Use the template Use the template below to create the metadata. Change the value of the " entityID" and "Location" , ACS and SLO location attributes (highlighted in red) to the FQDN of your Citrix Gateway Virtual Server.
<?xml version="1.0" encoding="UTF-8" ?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://citrix.gateway.
com^{Image Removed}
fqdn">
<SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<NameIDFormat>urn
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:
unspecified<
unspecified</NameIDFormat>
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://citrix.gateway.
com
fqdn/cgi/samlauth" index="0" isDefault="true">
</AssertionConsumerService>
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="https://citrix.gateway.fqdn/cgi/logout" />
</SPSSODescriptor>
</EntityDescriptor>

Click Save.