Jump to content
Welcome to our new Citrix community!

AAA Setup with Forms SSO with custom app login?


AK IT

Recommended Posts

Is it possible to setup Netscaler AAA to front a website that has its own local authentication forms login? User accounts are maintained locally within the website so the AAA can't validate login information against LDAP/AD.

 

Looking to have the user enter their username/password on a Netscaler AAA login page and then have it perform SSO to the website using the same setup documented here: https://support.citrix.com/article/CTX124794/how-to-configure-netscaler-gateway-for-single-signon-to-a-web-form

Link to comment
Share on other sites

Hi AK,

 

If the application provides a protocol to talk to it from an authentication perspective (e.g. WebAuth) then maybe that could work. Another way could be to have AAA talk to LDAP and put the credentials for the application in specific attributes of the user account. You can then extract them and set them to be used as username/password via a LoginSchema. Advanced policy expressions allow you to encrypt and decrypt text so you could use that to at least not store it in plaintext in the attribute, but I wouldn't recommend this for something important/sensitive.

 

Hope this helps.

 

Cheers,

G.

  • Like 1
Link to comment
Share on other sites

On 8/5/2022 at 9:25 AM, Gunther De Poortere said:

Hi AK,

 

If the application provides a protocol to talk to it from an authentication perspective (e.g. WebAuth) then maybe that could work. Another way could be to have AAA talk to LDAP and put the credentials for the application in specific attributes of the user account. You can then extract them and set them to be used as username/password via a LoginSchema. Advanced policy expressions allow you to encrypt and decrypt text so you could use that to at least not store it in plaintext in the attribute, but I wouldn't recommend this for something important/sensitive.

 

Hope this helps.

 

Cheers,

G.

Thanks G. We ended up going the WebAuth method for AAA and also setup the FORMS SSO to automatically pass in the username and password into the forms login page. Took a bit to figure out the right POST expression for WebAuth but it works great.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...