Jump to content
Welcome to our new Citrix community!

Load Balanced virtual server with SAML authentication to Azure AD

David Harfst

Recommended Posts

I've got a Nescaler VPX running NS11.1 63.15.nc in front of an IIS 10 web server.  I set up a load balanced virtual server to act as a reverse proxy for the web server.  But I want to authenticate users who access the web site with Azure AD as the SAML IDP.


I've got everything set up on the Azure side, but I'm having difficulty figuring out how to set up the Authentication server/policy on the Netscaler side.  The documentation mentions you can input a metadata URL, which I have, but this build version doesn't seem to have those options.


Can someone point me to a how-to for this configuration?

Link to comment
Share on other sites

15 hours ago, Koenraad Willems said:



Have you seen this guide? It's written for Virtual Apps and Desktops, but I'm sure you will be able to get the required info from it:







I believe I figured it out, comparing the "add authentication" command to what I already had set up for Storefront.  The part I was missing was the "Issuer Name", which is not clearly documented that it needs to be the URL of the web site in most of the documentation, and is not marked as a required field.

Link to comment
Share on other sites

Link to comment
Share on other sites

Switched to SHA256 out of the box.


I've gone through three of those four links already with no success.  The fourth is for the Netscaler as the IDP which does not apply in my use case.


There's not a lot of documentation on the Authentication Virtual Server, and also not a lot on how to debug this error.  aaad.debug gives me the assertion, but www.samltool.com says it's valid.  Nothing logged in ns.log.


Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...