NetScaler as idP for O365 and problem with SSO for internal

I'm trying to implement SSO for O365 with NetScaler as the IdP.

I followed the great article at https://www.jgspiers.com/single-sign-on-office-365-netscaler-saml-azure-mfa-authentication/


External works like a charm.


But for internal access with a domain device it's not working.


The Negotiate part is working.

It's the LDAP part where I have some trouble.


In /tmp/aaad.debug I can see NetScaler uses login@internaldomain.local, but my UPNs are mail@publicdomain.com.


So NetScaler cannot match the user and retrieve the attributes.


Has anybody encountered this problem?


Thanks a lot.






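The mismatch the post describes, as an added example that is not part of the thread or of any NetScaler code: the Negotiate step yields a Kerberos principal whose realm is the AD DNS name (internaldomain.local), while the users' UPNs carry the public suffix (publicdomain.com), so an LDAP search that matches the principal against userPrincipalName returns nothing. Matching the principal's local part against sAMAccountName instead finds the object, and the UPN that Office 365 expects can then be read from that object and used as the SAML NameID. NetScaler's LDAP action separates the login-name attribute from the SSO name attribute in the same way; the directory entries, the `DIRECTORY` list and every function here are constructed stand-ins that model the lookup, not NetScaler's configuration.

```python
"""Added example: why an LDAP lookup keyed on the Negotiate (Kerberos) principal
fails when the UPN suffix differs from the Kerberos realm, and how keying the
search on sAMAccountName recovers the UPN for the SAML NameID.

All names and directory entries below are constructed for illustration."""

import re

# Constructed stand-in for the AD user objects an LDAPS search would return.
DIRECTORY = [
    {"sAMAccountName": "jdoe",
     "userPrincipalName": "jdoe@publicdomain.com",
     "mail": "jdoe@publicdomain.com",
     "objectGUID": "guid-jdoe"},
    {"sAMAccountName": "asmith",
     "userPrincipalName": "asmith@publicdomain.com",
     "mail": "asmith@publicdomain.com",
     "objectGUID": "guid-asmith"},
]

# Single LDAP equality filter: (attribute=value)
_EQ_FILTER = re.compile(r"^\((?P<attr>[A-Za-z][\w-]*)=(?P<value>[^)]*)\)$")


def split_principal(principal):
    """Split a Kerberos principal 'user@REALM' into (user, realm)."""
    user, sep, realm = principal.partition("@")
    if not sep or not user or not realm:
        raise ValueError("expected user@realm, got %r" % principal)
    return user, realm


def ldap_search(directory, ldap_filter):
    """Evaluate one LDAP equality filter, e.g. '(sAMAccountName=jdoe)'.
    Attribute names and values are compared case-insensitively, as AD does
    for these string attributes."""
    m = _EQ_FILTER.match(ldap_filter)
    if not m:
        raise ValueError("unsupported filter %r" % ldap_filter)
    attr, value = m.group("attr").lower(), m.group("value").lower()
    return [entry for entry in directory
            if any(k.lower() == attr and v.lower() == value
                   for k, v in entry.items())]


def upn_filter(principal):
    """Filter that matches the Negotiate principal directly against the UPN.
    Only works when the Kerberos realm equals the UPN suffix."""
    return "(userPrincipalName=%s)" % principal


def sam_filter(principal):
    """Filter that matches the principal's local part against sAMAccountName,
    ignoring the realm entirely."""
    user, _realm = split_principal(principal)
    return "(sAMAccountName=%s)" % user


def resolve_sso_name(directory, principal, sso_attribute="userPrincipalName"):
    """Look the Negotiate principal up by sAMAccountName and return the value
    of the attribute that should go into the SAML NameID. Returns None when
    nothing matches; raises when the lookup is ambiguous, because issuing an
    assertion for an ambiguous match would be an identity mix-up."""
    hits = ldap_search(directory, sam_filter(principal))
    if not hits:
        return None
    if len(hits) > 1:
        raise LookupError("ambiguous sAMAccountName for %r" % principal)
    return hits[0].get(sso_attribute)


if __name__ == "__main__":
    p = "jdoe@internaldomain.local"  # what Negotiate hands over
    print(upn_filter(p), "->", ldap_search(DIRECTORY, upn_filter(p)))  # []
    print(sam_filter(p), "->", resolve_sso_name(DIRECTORY, p))  # jdoe@publicdomain.com
```

The UPN-keyed filter returns an empty result for the internaldomain.local principal, which is exactly the "cannot match the user" symptom in aaad.debug; the sAMAccountName-keyed lookup finds the object and hands back the publicdomain.com UPN. Rejecting ambiguous matches matters because the IdP is asserting identity to a cloud tenant on the strength of this lookup.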
15 hours ago, jeferson bernal1709160559 said:

Mathieu BRUSTON, did you solve the internal SSO issue? I have a very big problem trying to understand how the NTLM configuration takes place. No support or documentation to do the config. How did you configure NTLM for the internal negotiation?



I don't use NTLM for two reasons:

- it's a weak authentication protocol

- you need an additional server with IIS to perform the authentication.


So I use only Negotiate and LDAPS authentication.


What is your need to use NTLM?




Not sure how to do the negotiation for SSO internally. Quite lost in the config. I have an internal AAA vserver which has a SAML policy attached to it. Following the blog above does not show how to tweak the internal negotiation against LDAP. However, the Negotiate action is asking for an NTLM path. Can you explain a bit how you configured the internal policy? Much appreciated! Thanks
