Jump to content
Welcome to our new Citrix community!

Netscaler as ADFS Proxy: MS-ADFSPIP Compliance


Recommended Posts

Hi, 

 

Is there any planned support for MS-ADFSPIP ? 

In Microsofts revised ADFS Third Party Proxy requirements it is now required that third party proxies supports MS-ADFSPIP

 

ref: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-requirements#BKMK_3

 

I have several implementations today using Netscaler as an ADFS WAP Replacement. 

I can successfully do passive federation 

I can successfully do active federation (utilizing Kerberos Constrained Delegation)

I can register office using netscaler as adfs proxy, i can do windows 10 license registration, i can do lync and other applications requireing active federation. 

I can do cert based auth (using port 49443) 

 

To reach functionallity level I have used several sources of information including reading big ip documentation since Citrix documentation is lacking alot on this matter. 

 

I am however concerned for future compabillity using Netscaler as an WAP replacement. 

I noticed BigIP also brags about ADFSPIP Compliance. 

 

It would be of great relief for me and my customers to get some official information from Citrix on this matter. 

 

 

 

 

 

Link to comment
Share on other sites

  • 2 weeks later...
  • 7 months later...

Hi All,

 

Can anyone confirm if I should be able to use NetScaler ADFS proxy for ADFS 4 and decipher extranet users? Currently NetScaler proxied requests aren't being detected as Extranet and thus MFA isn't being triggered as a requirement for our relying party it's configured on... I really don't want to deploy WAFs for this task. Unfortunately it looks like zero activity has been made to officially support ADFS proxy tasks by Citrix...

Link to comment
Share on other sites

You can but you are stuck with decoding the ADFS-MSPIP standard and decoding and setting the correct http headers. You also need to decode and understand how to do active federation trough a netscaler. This forum contains the pieces of information required to achieve active federation.

I would advise to chase Citrix on https://support.citrix.com/article/CTX233717

Link to comment
Share on other sites

  • 6 months later...
  • 5 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...