ADC

OAuth Authentication

August 20, 2024

Contributed by:

C C S

The authentication, authorization, and auditing traffic management feature supports OAuth and OIDC authentication. It authorizes and authenticates users to services that are hosted on applications such as Google, Facebook, and Twitter.

Points to note

Citrix ADC Advanced Edition and higher is required for the solution to work.
A Citrix ADC appliance must be on version 12.1 or later for the appliance to work as OAuth IdP using OpenID-Connect (OIDC) protocol.
OAuth on a Citrix ADC appliance is qualified for all SAML IdPs that are compliant with “OpenID connect 2.0”.

A Citrix ADC appliance can be configured to behave as a Service Provider (SP) or an Identity Provider (IdP), using SAML and OIDC protocols. Previously, a Citrix ADC appliance configured as IdP supported only SAML protocol, starting Citrix ADC 12.1 version, Citrix ADC supports OIDC protocol as well.

OpenID Connect is an extension to OAuth authorization/delegation. A Citrix ADC appliance supports OAuth and OpenID Connect protocols in the same class of other authentication mechanisms. OpenID Connect is an add-on to OAuth as it provides a way for getting user information from authorization server as opposed to OAuth that gets only a token which cannot be gleaned for user information.

The authentication mechanism facilitates the inline verification of OpenID tokens. A Citrix ADC appliance can be configured to obtain certificates and verify signatures on the token.

A major advantage of using the OAuth and OpenID-Connect mechanisms is that the user information is not sent to the hosted applications. Therefore, the risk of identity theft is considerably reduced.

The Citrix ADC appliance configured for authentication, authorization, and auditing now accepts incoming tokens that are signed using HMAC HS256 algorithm. In addition, the public keys of the SAML Identity Provider (IdP) are read from a file, instead of learning from a URL endpoint.

In the Citrix ADC implementation, the application is accessed by the authentication, authorization, and auditing traffic management virtual server. So, to configure OAuth, you must configure an OAuth policy which must then be associated with an authentication, authorization, and auditing traffic management virtual server.

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

OAuth Authentication

August 20, 2024

Contributed by:

C C S

August 20, 2024

Contributed by:

C C S

OAuth Authentication

Points to note

In this article