ADC

Configuring a traffic management virtual server

September 21, 2020

Contributed by:

After you have created and configured your authentication virtual server, you next create or configure a traffic management virtual server and associate your authentication virtual sever with it. You can use either a load balancing or content switching virtual server for a traffic management virtual server. For more information about creating and configuring either type of virtual server, see the Citrix Traffic Management Guide at Traffic Management.

Note

The FQDN of the traffic management virtual server must be in the same domain as the FQDN of the authentication virtual server for the domain session cookie to function correctly.

You configure a traffic management virtual server for authentication, authorization, and auditing by enabling authentication and then assigning the FQDN of the authentication server to the traffic management virtual server. You can also configure the authentication domain on the traffic management virtual server at this time. If you do not configure this option, the Citrix ADC appliance assigns the traffic management virtual server an FQDN that consists of the FQDN of the authentication virtual server without the hostname portion. For example, if domain name of the authentication virtual server is tm.xyz.bar.com, the appliance assigns xyz.bar.com. as the authentication domain.

To configure a TM virtual server for authentication, authorization, and auditing by using the command line interface

At the command prompt, type one of the following sets of commands to configure a TM virtual server and verify the configuration:

set lb vserver <name> –authentication ON -authenticationhost <FQDN> [-authenticationdomain <authdomain>]
show lb vserver <name>
set cs vserver <name> –authentication ON -authenticationhost <FQDN> [-authenticationdomain <authdomain>]
show cs vserver <name>

Example
set lb vserver vs-cont-sw -Authentication ON -AuthenticationHost mywiki.index.com Done
show lb vserver vs-cont-sw vs-cont-sw (0.0.0.0:0) - TCP Type: ADDRESS State: DOWN Last state change was at Wed Aug 19 10:03:15 2009 (+410 ms) Time since last state change: 5 days, 20:00:40.290 Effective State: DOWN Client Idle Timeout: 9000 sec Down state flush: ENABLED Disable Primary Vserver On Down : DISABLED No. of Bound Services : 0 (Total) 0 (Active) Configured Method: LEASTCONNECTION Mode: IP Persistence: NONE Connection Failover: DISABLED Authentication: ON Host: mywiki.index.com Done

To configure a TM virtual server for authentication, authorization, and auditing by using the configuration utility

In the navigation pane, do one of the following.
- Navigate to Traffic Management > Load Balancing > Virtual Servers.
- Navigate to Traffic Management > Content Switching > Virtual Servers
- In the details pane, select the virtual server on which you want to enable authentication, and then click Edit.
- In the Domain text box, type the authentication domain.
- In the Advanced menu on the right, select Authentication.
- Choose either Form Based Authentication or 401 Based Authentication, and fill in the Authentication information.
  - For Form Based Authentication, enter the Authentication FQDN (the fully-qualified domain name of the authentication server), the Authentication VServer (the IP address of the authentication virtual server), and the Authentication Profile (the profile to use for authentication).
  - For 401 Based Authentication, enter the Authentication VServer and the Authentication Profile only.
- Click OK. A message appears in the status bar, stating that the vserver has been configured successfully.

The login protocol between authentication, authorization, and auditing traffic management virtual servers and authentication, authorization, and auditing virtual servers is simplified to use internal mechanisms as opposed to sending the encrypted data through query parameters. By leveraging this feature, the replay of requests is prevented.

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Configuring a traffic management virtual server

September 21, 2020

Contributed by:

September 21, 2020

Contributed by:

To configure a TM virtual server for authentication, authorization, and auditing by using the command line interface
To configure a TM virtual server for authentication, authorization, and auditing by using the configuration utility
Simplified login protocol support for authentication, authorization, and auditing

Configuring a traffic management virtual server

To configure a TM virtual server for authentication, authorization, and auditing by using the command line interface

To configure a TM virtual server for authentication, authorization, and auditing by using the configuration utility

Simplified login protocol support for authentication, authorization, and auditing

In this article