Mark Nickolai 2 (Posted September 8, 2023): Is it possible to apply SAML2 authentication for admin login to NetScaler WebUI?
Hemang Raval (Posted September 11, 2023): No Mark, currently it is not possible to have SAML authentication for admin login to the NetScaler Web UI. Kindly raise an enhancement request for this with the help of the support/Sales team.
Morten Kallesøe (Posted September 11, 2023): Hi Mark, I guess you could put an LB in front of the GUI, where you have authentication enabled with SAML set up. The password part is going to be a dirty hack.
Kai Thorsrud (Posted October 9, 2023): Or even better: Support for OAuth since SAML is End Of Life in Azure
Morten Kallesøe (Posted October 9, 2023): 4real? Those clouds, they are keeping us busy! :)
Mark Nickolai 2 (Author, Posted October 9, 2023): I tried to google this statement but I did not find a source stating it. Would you mind adding a source for this?
Mark Nickolai 2 (Author, Posted October 9, 2023): Yeah, this sounds like a bad idea, especially since the password is never meant to be part of the SAML header.
Kai Thorsrud (Posted October 12, 2023): This will be a two step process to explain. The thing is that Microsoft used something called ADAL in the past. ADAL is now End of Life. End of support and since March 23 no longer even patched for security fixes. Whenever you obtain a SAML assertion from Azure IDP you are talking with ADAL in Azure. MSAL is the new auth framework. It is not possible to obtain a SAML assertion from MSAL endpoints in Azure since MSAL does not support SAML.

This link shows ADAL = End Of Life, End of security patches: https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-migration

Furthermore, follow this link and read Microsoft's answer that they do not support SAML on MSAL: https://learn.microsoft.com/en-us/answers/questions/1074499/is-it-possible-to-use-msal-access-token-in-saml-fl

Adding a very important thing in regards to using OAuth as an IDP in Azure: You have to use the v2 version since v1 = ADAL. v2 endpoint is something like this:
https://login.microsoftonline.com/organizations/oauth2/v2.0/ = MSAL
https://login.microsoftonline.com/organizations/oauth2/v1.0/ = ADAL

Yeah, they really keep us busy.. This topic is a big challenge for the producers of applications I host behind NetScaler. They are so proud they can finally say "Now we support SAML" ... And I'm like "oh noes.. here we go again" .... 1 week with meetings and discussions with their dev team they go "ok, fuck" "we get it now"...
Kai Thorsrud (Posted October 12, 2023): But the real cool thing is: NetScaler supports it :D on everything but CAG.. NetScaler can even be an OAuth 2.0 V2 MSAL API Gateway with bearer token cache. That means you can protect legacy APIs using NetScaler without rewriting backend code, only client-side, which is possible.. Changing legacy backend APIs = Forget it.. 10 years ++ dev work for the devs
Mark Nickolai 2 (Author, Posted October 12, 2023): I hope CAG is not the same product as NetScaler Gateway?
Kai Thorsrud (Posted October 12, 2023): Correct. NetScaler Gateway seems to be the correct name for CAG these days. (Citrix Access Gateway).
Morten Kallesøe (Posted October 13, 2023): Hey Kai, what is not supported on CAG / NSGW?
Kai Thorsrud (Posted October 13, 2023): OAuth authentication as far as I know.. If you have found a way please share :D Only SAML works as far as I can work out.
Morten Kallesøe (Posted October 13, 2023): I would expect everything in AAAVS to work in conjunction with NSGW via an authprofile, including OAuth. It's not something I can confirm though, but I would create a thread with PM to get this working if it wasn't.