Citrix XenDesktop, ADFS, Azure MFA, NetScaler Unified Gateway and Citrix FAS – Part 3
Previous Articles in this series
Part 1 – ADFS
Part 2 – Citrix FAS and StoreFront
Part 3 of this blog series walks you through setting up your NetScaler Gateway authentication policies to hand off authentication to ADFS, as well as setting up the NetScaler as an ADFS Proxy and binding it to your externally facing Content Switch.
SAML Authentication Policies
You will need to create a SAML Authentication Policy to bind to your NetScaler Gateway in order to hand off authentication to your ADFS Service.
Head to Security – AAA – Application Traffic – Policies – Authentication – Basic Policies – SAML
Select the Servers tab and click to Add your new SAML Server
Set up your SAML Server as shown below
- The IDP Certificate Name and Signing Certificate Name are being used as we replaced the Token Signing and Token Decrypting Certificates when setting up ADFS in Part 1 of this series
- The Redirect and Logout URL use the EXTERNAL FQDN for my ADFS Service with /adfs/ls/ tagged onto the end of the URL
- Issuer Name: This needs to be listed as a relying party in ADFS – if this is not listed SAML will not work and the authentication process will fail.
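The same SAML server and policy can be created from the NetScaler CLI instead of the GUI. This is an added example, not taken from the original article: every object name, FQDN and certificate name below is a placeholder assumption, and both certificates are assumed to be installed on the NetScaler already.

```netscaler
# Added example: all names, FQDNs and certificate names are placeholders.

# SAML server (action).
#  -samlIdPCertName      certificate used to verify the signature on assertions from ADFS
#  -samlSigningCertName  certificate (with private key) the NetScaler signs its requests with
#  -samlRedirectUrl      EXTERNAL ADFS FQDN with /adfs/ls/ appended
#  -logoutURL            same external ADFS endpoint
#  -samlIssuerName       must match an identifier on the relying party trust in ADFS
add authentication samlAction saml_adfs_srv -samlIdPCertName idp_cert_placeholder -samlSigningCertName signing_cert_placeholder -samlRedirectUrl "https://adfs.example.com/adfs/ls/" -logoutURL "https://adfs.example.com/adfs/ls/" -samlIssuerName "https://gateway.example.com"

# Basic (classic) SAML policy that always applies and uses the server above
add authentication samlPolicy saml_adfs_pol ns_true saml_adfs_srv

# Bind the policy to the NetScaler Gateway virtual server (placeholder name)
bind vpn vserver gateway_vsrv -policy saml_adfs_pol -priority 100

# Review the resulting settings before testing a logon
show authentication samlAction saml_adfs_srv
```

If the issuer name here and the relying party identifier in ADFS differ by so much as a trailing slash, ADFS will not match the request to the relying party and the logon fails, so compare the two strings exactly.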
ADFS Signing Certificates
Read the entire article here, Putting it all together – Citrix XenDesktop, ADFS, Azure MFA, NetScaler Unified Gateway and Citrix FAS – Part 3
via Dave Brett at bretty.me.uk