
Exercise 3-4: Configure NetScaler as SAML SP and IDP

In this exercise, you will configure NetScaler as a SAML Service Provider (SP) and as a SAML Identity Provider (IdP). You will use the Configuration Utility to perform this exercise.

Before starting the exercise, let us review the SAML connection flow:

1. The SP trusts the IdP (trust relationship).
2. The user connects to a service protected by the SP (in this scenario, NetScaler Gateway).
3. The SP redirects the user to the IdP to authenticate (SAML request signed by the SP).
4. The user brings the SAML request to the IdP and authenticates (in this scenario, an AAA vserver with an LDAP policy bound to check the AD database).
5. After successful authentication, the IdP creates a SAML assertion and redirects the user back to the SP (SAML assertion signed by the IdP).
6. The SP validates the SAML assertion (signature against the IdP certificate, issuer, audience and validity window) and uses the values it carries for authorization.

In this exercise, you will perform the following tasks:

- Configure the SAML IDP policy.
- Configure an AAA vserver and bind the SAML IDP policy to it.
- Configure the SAML SP policy and bind it to the NetScaler Gateway vserver.

Configure NetScaler as IDP

Step 1. Connect to the NetScaler Configuration Utility for the HA pair using the NSMGMT SNIP at .
   Log into the utility using the following credentials:
   User Name: nsroot
   Password: nsroot

Step 2. Enable AAA - Application Traffic
   Navigate to Security > AAA - Application Traffic.
   If you observe a yellow (!) icon, right-click it and click Enable Feature.
Step 3. Configure the AAA vserver
   Navigate to Security > AAA - Application Traffic > Authentication Virtual Servers.
   Click Add.
   Enter Name as vsrv_aaa.
   Confirm that IP Address is selected in the IP Address Type field.
   Enter IP Address as 172.21.10.108.
   Observe that the port and protocol are set to 443 and SSL respectively.
   Click OK.

Step 4. Bind a certificate to the AAA vserver
   In the Certificate section, click No Server Certificate.
   Click "Click to select".
   Select wc-training-certkey.
   Click Bind.
   Click Continue.

Step 5. Bind the LDAP policy to the AAA vserver
   Click No Authentication Policy.
   In the Select Policy field, click "Click to select".
   Select the LDAP policy.
   Click Select.
   Click Bind.
   Click Continue.
   Click Done.

Step 6. Configure the SAML IDP profile
   Navigate to Security > AAA - Application Traffic > Policies > Authentication > Advanced Policies > SAML IDP.
   Click Profiles.
   Click Add.
   Enter Name as SAML_IDP_Prof.
   Enter Assertion Consumer Service Url as
   Select IDP Certificate Name as wc-training-certkey.
   Select SP Certificate Name as wc-training-certkey.
   Select Encrypt Assertion.
   Select Encryption Algorithm as AES256.
   Enter Issuer Name as
   Leave the other settings at their defaults.
   Click Create.

   Note: in this scenario the lab has a wildcard certificate, so the same certkey is used both as the IDP certificate (its private key signs the assertions) and as the SP certificate (its public key verifies the SP's signed requests and encrypts the assertion for the SP). In production, use separate certificates for the IdP and the SP: with one shared key pair, whoever holds the SP's private key can also forge IdP assertions.
Step 7. Configure the SAML IDP policy
   Navigate to Security > AAA - Application Traffic > Policies > Authentication > Advanced Policies > SAML IDP.
   Click Policies.
   Click Add.
   Enter Name as SAML_IDP_Pol.
   Select Action as SAML_IDP_Prof.
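The same configuration expressed as NetScaler CLI commands, added here as an example; it is not part of the exercise text. Names taken from the exercise are kept (vsrv_aaa, 172.21.10.108, wc-training-certkey, SAML_IDP_Prof, SAML_IDP_Pol). The names ldap_pol, vsrv_gateway, SAML_SP_Act, SAML_SP_Pol, idp-signing-certkey and sp-signing-certkey, and every value in angle brackets, are assumptions or placeholders; the ACS URL and issuer name are the two fields the exercise leaves blank. The SP-side commands go one step beyond the steps shown, to the third task in the list above, and the closing set commands show the separate-certificate layout the note after step 6 recommends for production.

```nscli
# Steps 2-5: feature, AAA vserver, certificate and LDAP policy.
# ldap_pol is an assumed name; the exercise does not show the LDAP policy's name.
enable ns feature AAA
add authentication vserver vsrv_aaa SSL 172.21.10.108 443
bind ssl vserver vsrv_aaa -certkeyName wc-training-certkey
bind authentication vserver vsrv_aaa -policy ldap_pol -priority 100

# Steps 6-7: SAML IdP profile and policy, bound to the AAA vserver.
# -samlIdPCertName: key pair whose private key signs the assertion.
# -samlSPCertName: SP certificate; verifies the SP's signed requests and encrypts the assertion.
# <gateway-fqdn>, <idp-issuer> and <sp-issuer> are placeholders; the exercise leaves the
# ACS URL and issuer blank. A NetScaler Gateway SP receives assertions at /cgi/samlauth.
# -rejectUnsignedRequests ON enforces the "SAML request signed by the SP" step of the flow.
add authentication samlIdPProfile SAML_IDP_Prof -samlIdPCertName wc-training-certkey -samlSPCertName wc-training-certkey -assertionConsumerServiceURL "https://<gateway-fqdn>/cgi/samlauth" -samlIssuerName "<idp-issuer>" -serviceProviderID "<sp-issuer>" -encryptAssertion ON -encryptionAlgorithm AES256 -signatureAlg RSA-SHA256 -digestMethod SHA256 -rejectUnsignedRequests ON
add authentication samlIdPPolicy SAML_IDP_Pol -rule true -action SAML_IDP_Prof
bind authentication vserver vsrv_aaa -policy SAML_IDP_Pol -priority 100

# Third task: SAML SP action and policy on the Gateway vserver (vsrv_gateway is assumed).
# -samlIdPCertName here is the IdP certificate used to verify the assertion signature;
# -samlSigningCertName is the SP's own key pair that signs the AuthnRequest.
# -samlIssuerName must equal the -serviceProviderID the IdP profile expects.
# The NetScaler AAA IdP accepts requests at /saml/login on the AAA vserver's FQDN.
add authentication samlAction SAML_SP_Act -samlIdPCertName wc-training-certkey -samlSigningCertName wc-training-certkey -samlRedirectUrl "https://<aaa-fqdn>/saml/login" -samlIssuerName "<sp-issuer>" -samlRejectUnsignedAssertion ON -signatureAlg RSA-SHA256 -digestMethod SHA256
add authentication samlPolicy SAML_SP_Pol -rule ns_true -action SAML_SP_Act
bind vpn vserver vsrv_gateway -policy SAML_SP_Pol -priority 100

# Production layout: separate key pairs, so an SP key compromise cannot forge IdP assertions.
# idp-signing-certkey and sp-signing-certkey are assumed names. The IdP side only needs the
# SP's public certificate, and the SP side only the IdP's public certificate.
set authentication samlIdPProfile SAML_IDP_Prof -samlIdPCertName idp-signing-certkey -samlSPCertName sp-signing-certkey
set authentication samlAction SAML_SP_Act -samlIdPCertName idp-signing-certkey -samlSigningCertName sp-signing-certkey
```

After applying the commands, `show authentication samlIdPProfile SAML_IDP_Prof` and `show authentication samlAction SAML_SP_Act` confirm which certkey each role uses; the two issuer strings and the two certificate bindings are the values to check first when an assertion is rejected.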