Jump to content
Welcome to our new Citrix community!

Enable ADFS WAP SSO through ADC


Recommended Posts

Do you want to use NetScaler as an ADFS Proxy or as a Reverse Proxy which makes Microsoft ADFS available externally?

You can do both.

 

publishing microsoft adfs is probably easier, but you need to make protocols on netscaler on SSL_BRIDGE since ADFS doesn't support reverseproxy ssl-offloading. 

further you need to take care of SNI certificate binding on both ends and probably need to edit certificate binding on IIS ADFS.

 

but this depends on ADFS configuration and general infrastructure configuration.

 

You also need to decide, if you just want to make your ADFS front-end publicly available or if you want your users to logon to the netscaler and netscaler does sso towards ADFS for the user. Thats also possible. so basically you need to decide between 3 scenarios (netscaler AS adfs, netscaler publishing adfs, netscaler as ADFS frontend -> sso to adfs backend). there should be plenty of guides on how to configure each scenario when googling it. there is no universal configuration since adfs/SAML configuration depends a lot on what you need and how your applications work with SAML authentication

Link to comment
Share on other sites

I am just looking for the ADC to be the web application proxy. Which is what Microsoft says is the right thing to do and they support. 

 

I am on ADC v13 and ADFS on server 2019 and all the info i found was for older ADC or older versions of ADFS and i know that 2019 is a little more advanced than 2012/2012 R2. Just looking for someone who has made this to work to point me to the right doc that will make this easy to set up.

Link to comment
Share on other sites

  • 5 weeks later...

I just recently set this up with 2019 ADFS and I used some guide from 2013, so that wasn't a problem. Im not really ADFS-pro, but the most important part on ADC side is to implement rewrite policies so the ADC injects x-ms-proxy header. 

https://www.deyda.net/index.php/en/2019/02/26/citrix-adc-version-12-as-ad-fs-proxy/#Setup_AD_FS_Proxy use this one, that covers everything important

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...