Configuring SAML Authentication
To configure SAML authentication
- In the configuration utility, on the Configuration tab, expand Citrix Gateway > Policies > Authentication.
- In the navigation pane, click SAML.
- In the details pane, click Add.
- In the Create Authentication Policy dialog box, in Name, type a name for the policy.
- Next to Server, click New.
- In Name, type a name for the server profile.
- In IdP Certificate Name, select a certificate or click Install. This is the certificate installed on the SAML or IdP server.
  If you click Install, add the certificate and private key. For more information, see Installing and Managing Certificates.
- In Redirect URL, enter the URL of the authentication Identity Provider (IdP).
  This is the URL for the user logon to the SAML server. This is the server to which Citrix Gateway redirects the initial request.
- In Single Logout URL, specify the URL so that the appliance can recognize when to send the client back to the IdP to complete the sign-out process.
- In SAML Binding, select the method that is used to move the client from the SP to the IdP. The same binding must be configured on the IdP so that it understands how the client connects to it. When the appliance acts as an SP, it supports POST, REDIRECT, and ARTIFACT bindings.
- In Logout Binding, select REDIRECT.
- In IDP Certificate Name, select the IdPCert Certificate (Base64) present under the SAML Signing Certificate.
  Note: You can also click Import Metadata and select the URL where the metadata configuration is stored.
- In User Field, enter the user name to extract.
- In Signing Certificate Name, select the SAML SP certificate (with private key) that the appliance uses to sign authentication requests to the IdP. The same certificate (without private key) must be imported to the IdP, so that the IdP can verify the authentication request signature. This field is not needed by most IdPs.
  This is the certificate that is bound to the Citrix Gateway virtual IP address. The SAML Issuer Name is the fully qualified domain name (FQDN) to which users log on, such as lb.example.com or ng.example.com.
- In Issuer Name, enter the FQDN of the load balancing or Citrix Gateway virtual IP address to which the appliance sends the initial authentication (GET) request.
- In Reject unsigned assertion, specify whether assertions from the IdP must be signed. You can require that only the assertion is signed (ON) or that both the assertion and the response from the IdP are signed (STRICT).
- In Audience, enter the audience for which the assertion sent by the IdP is applicable. This is typically an entity name or URL that represents the service provider.
- In Signature Algorithm, select RSA-SHA256.
- In Digest Method, select SHA256.
- In Default Authentication Group, enter the default group that is chosen when the authentication succeeds in addition to the extracted groups.
- In Group Name, enter the name of the tag in the assertion that contains user groups.
- In Skew Time (mins), specify the clock skew, in minutes, that the service provider allows on an incoming assertion.
- Click Create, and then click Close.
- In the Create authentication policy dialog box, next to Named Expressions, select General, select True value, click Add Expression, click Create, and then click Close.
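Before enabling Reject unsigned assertion, Audience and Skew Time on the profile, it helps to check a decoded SAML response captured from your own IdP against the values you plan to enter. The script below is an added example, not Citrix code: the function name, the sample XML and the reading of skew as widening the validity window on both sides are assumptions, and it only checks that Signature elements are present, it does not verify them.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed, trimmed sample: the Assertion carries a Signature element,
# the enclosing Response does not. Not a real IdP message.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml:Assertion>
    <ds:Signature/>
    <saml:Conditions NotBefore="2024-01-01T12:00:00Z"
                     NotOnOrAfter="2024-01-01T12:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://ng.example.com</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def _ts(value):
    # SAML timestamps are UTC with a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def preflight(xml_text, reject_unsigned, audience, skew_mins, now):
    """List the reasons this response conflicts with the planned profile settings."""
    resp = ET.fromstring(xml_text)
    assertion = resp.find("saml:Assertion", NS)
    if assertion is None:
        return ["no plaintext Assertion found"]
    problems = []
    # Direct children only, so the assertion's signature is not counted as
    # the response's. Presence check only; no cryptographic verification.
    if reject_unsigned in ("ON", "STRICT") and assertion.find("ds:Signature", NS) is None:
        problems.append("assertion is unsigned")
    if reject_unsigned == "STRICT" and resp.find("ds:Signature", NS) is None:
        problems.append("response is unsigned")
    audiences = [a.text.strip() for a in assertion.iterfind(".//saml:Audience", NS) if a.text]
    if audience not in audiences:
        problems.append("audience mismatch")
    cond = assertion.find("saml:Conditions", NS)
    skew = timedelta(minutes=skew_mins)  # assumption: skew widens both ends
    if cond is not None:
        if cond.get("NotBefore") and now + skew < _ts(cond.get("NotBefore")):
            problems.append("not yet valid")
        if cond.get("NotOnOrAfter") and now - skew >= _ts(cond.get("NotOnOrAfter")):
            problems.append("expired")
    return problems
```

With the sample above, ON passes while STRICT reports the unsigned response, which tells you the IdP must be set to sign both before STRICT is selected.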