Netscaler - Passthrough SAML Auth


We have the following situation:

  - Publicly reachable SSO portal based on Microsoft ADFS (sso.company.com)
  - Publicly reachable Citrix Netscaler (netscaler.company.com)
  - Private web server (web.company.com), not reachable from the internet

We have managed to authenticate against the Netscaler portal with ADFS. We can also authenticate against the web server inside our network with ADFS.

Our problem now is to configure Netscaler so that we can also use the SSO login to web.company.com from outside, via Netscaler.

I hope that's somewhat clear.

Accepted answer:

I assume you are using SAML and not OAuth (it shouldn't make a difference):

Is SSO for web.company.com SAML based?

  1. If not, then the NS can't help you, since SAML does not hold a password by default.
  2. If it is using SAML, then just configure the new endpoint in your IdP and everything will be transparent.
Second answer:

The above answer is incorrect. Netscaler can indeed do this and I have done it several times.

You need to use Kerberos Constrained Delegation on the backend and SAML/OIDC on the front end. With Kerberos Constrained Delegation you are allowed to impersonate another user without having the password.
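As an added configuration example (written for this page, not taken from the answer above or from Citrix documentation), here is a NetScaler CLI fragment that implements the pattern the answer describes: SAML against ADFS on the front end, Kerberos Constrained Delegation to web.company.com on the back end. Object names (auth_vs, kcd_web, svc_ns and so on), certificate names, the keytab path, the backend address 10.0.0.10 and the VIP 203.0.113.10 are assumptions, and the lines starting with # are explanatory comments, not NetScaler input.

```text
# AD prerequisites (assumed, done on a domain controller, not NetScaler commands):
#   - a service account svc_ns whose keytab is exported and copied to the appliance
#   - svc_ns set to "Trust this user for delegation to specified services only" with
#     "Use any authentication protocol" (protocol transition; required because the
#     NetScaler never sees the user's password after SAML) and allowed to delegate
#     to the SPN HTTP/web.company.com
#   - web.company.com configured for Windows (Kerberos) authentication with that SPN

# Certificates: the ADFS token-signing certificate (to verify assertions) and a
# NetScaler key pair (to sign AuthnRequests, which ADFS can be set to require).
add ssl certKey adfs_signing_cert -cert adfs_signing.cer
add ssl certKey ns_saml_cert -cert ns_saml.cer -key ns_saml.key

# Front end: SAML SP pointing at ADFS. samlUserField must yield the user's UPN,
# because that is the identity the KCD account will later impersonate.
add authentication samlAction saml_adfs -samlIdPCertName adfs_signing_cert -samlSigningCertName ns_saml_cert -samlRedirectUrl "https://sso.company.com/adfs/ls/" -samlIssuerName "https://netscaler.company.com" -samlUserField "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" -signatureAlg RSA-SHA256 -digestMethod SHA256
add authentication Policy pol_saml_adfs -rule true -action saml_adfs

# Non-addressable authentication vserver, attached to the LB vserver via a profile.
add authentication vserver auth_vs SSL
bind authentication vserver auth_vs -policy pol_saml_adfs -priority 100
add authentication authnProfile prof_adfs -authnVsName auth_vs

# Back end: KCD account backed by the svc_ns keytab. No user password is stored;
# the appliance requests a ticket for HTTP/web.company.com on the user's behalf.
add aaa kcdAccount kcd_web -keytab /nsconfig/krb/svc_ns.keytab -realmStr COMPANY.COM

# Traffic policy that turns on SSO with that KCD account for every request.
add tm trafficAction ta_kcd_web -SSO ON -kcdAccount kcd_web
add tm trafficPolicy tp_kcd_web true ta_kcd_web

# Published LB vserver for web.company.com, reachable from outside.
add server srv_web 10.0.0.10
add service svc_web srv_web HTTP 80
add lb vserver lb_web SSL 203.0.113.10 443 -Authentication ON -authnProfile prof_adfs
bind ssl vserver lb_web -certkeyName ns_saml_cert
bind lb vserver lb_web svc_web
bind lb vserver lb_web -policyName tp_kcd_web -priority 100
```

Two things to check before blaming the configuration: the value ADFS places in the UPN claim must resolve to an account in the realm named in the kcdAccount (if users live in a different realm, set -userRealm on the kcdAccount), and the backend must present its Kerberos challenge under the same SPN that svc_ns is allowed to delegate to. Failed S4U2Self/S4U2Proxy exchanges show up in the aaad debug output on the appliance, which is the first place to look when the SAML login succeeds but the backend still prompts.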