Create a Logon Procedure

  1. Log in to the DualShield Administration Console
  2. In the main menu, navigate to “Authentication | Logon Procedures”
  3. Click the “+ CREATE” button on the toolbar
  4. Enter an appropriate “Name” and select “Web SSO” as the type.



  5. Click “SAVE” to create.
  6. Click the context "..." menu icon of the newly created Logon Procedure, then select “Logon Steps”
  7. Click "+ ADD" to select and add each authentication method in turn.
  8. Select the first desired authentication method, such as “Static Password” (AD Password).
  9. Click "SAVE" to confirm.
  10. Repeat steps 7-9 to add more logon steps if desired.

Create a new Web Application

  1. In the main menu, navigate to “Authentication | Applications”
  2. Click the “+ CREATE” button on the toolbar
  3. Enter an appropriate friendly “Name”
  4. Select the internal AD “Realm”
  5. Select the Logon Procedure created in the previous step



  6. Click "SAVE" to create.
  7. Click the context "..." menu of the newly created Application, then select "Agents" to associate the SSO Server.



  8. Select the "Single Sign-on Server / SSO Server"
  9. Click "SAVE" to update.
  10. Click the context "..." menu of the newly created application, select "Self Test"

Create a web application Service Provider

  1. In the main menu, navigate to “SSO | Service Providers”
  2. Click the “+ CREATE” button on the toolbar
  3. In the “SSO Server” field, select your "Single Sign-On Server" from the list
  4. At the "Application" drop-down, select the Citrix SAML Application created previously.
  5. In the "Name" field, enter an appropriate friendly name for this Service Provider.
  6. In the "Type" field, select “SAML 2.0” 
  7. Select the "CREATE METADATA" button.
    In the box that appears, paste the Metadata of the Service Provider to be created.




    Use the template below to create the Metadata. Change the values of the "entityID" and "Location" attributes to use the FQDN of your NetScaler Gateway Virtual Server.

    <?xml version="1.0" encoding="UTF-8" ?>
    <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://ageesaml.deepnetqa.com">
        <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
            <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
            <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://ageesaml.deepnetqa.com/cgi/samlauth" index="0" isDefault="true">
            </AssertionConsumerService>
        </SPSSODescriptor>
    </EntityDescriptor>
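
A check to run on the edited metadata before pasting it, added here as an example (it is not DualShield or Citrix code): it parses the XML and reports where entityID, WantAssertionsSigned or the AssertionConsumerService differ from the template for a given gateway FQDN. The function name `check_sp_metadata` and the host `gateway.example.test` are assumptions made for the example, and the input is assumed to be metadata you wrote yourself, not untrusted XML.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# The page's template (unused namespace declarations omitted), host replaced by a placeholder.
TEMPLATE = """<?xml version="1.0" encoding="UTF-8" ?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://{fqdn}">
  <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://{fqdn}/cgi/samlauth" index="0" isDefault="true"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def check_sp_metadata(xml_text, gateway_fqdn):
    """Return a list of problems; an empty list means the metadata matches the template."""
    fqdn = gateway_fqdn.lower().rstrip(".")
    try:  # strip(): whitespace before the XML declaration (an indented paste) is a parse error
        root = ET.fromstring(xml_text.strip().encode("utf-8"))
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        return [f"unexpected root element {root.tag}"]
    problems = []
    if root.get("entityID", "").lower() != f"https://{fqdn}":
        problems.append(f"entityID is {root.get('entityID')!r}, expected 'https://{fqdn}'")
    sp = root.find(f"{{{MD_NS}}}SPSSODescriptor")
    if sp is None:
        return problems + ["no SPSSODescriptor element"]
    if sp.get("WantAssertionsSigned") != "true":
        problems.append("WantAssertionsSigned is not 'true'")
    acs_list = sp.findall(f"{{{MD_NS}}}AssertionConsumerService")
    if not acs_list:
        problems.append("no AssertionConsumerService element")
    for acs in acs_list:
        loc = urlsplit(acs.get("Location", ""))
        if acs.get("Binding") != HTTP_POST:
            problems.append(f"ACS binding is {acs.get('Binding')!r}, expected HTTP-POST")
        if loc.scheme != "https" or (loc.hostname or "") != fqdn:
            problems.append(f"ACS Location {acs.get('Location')!r} is not https on {fqdn}")
        elif loc.path != "/cgi/samlauth":
            problems.append(f"ACS path is {loc.path!r}, template uses '/cgi/samlauth'")
    return problems


if __name__ == "__main__":  # gateway.example.test is a constructed placeholder FQDN
    print(check_sp_metadata(TEMPLATE.format(fqdn="gateway.example.test"), "gateway.example.test"))
```

A template pasted without editing fails both the entityID and the Location check, because the sample host no longer matches the gateway FQDN.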

