Jump to content
Welcome to our new Citrix community!

Bookmarks - How to use AD group lookup when SAML is the unified gateway authentication method?


Recommended Posts

Hi All,


Likely a silly one, I've been clicking around for a while and browsing for answers but haven't had any luck so far.



- Unified Gateway

- SAML authentication profile tied to UG

- Bookmarks configured against AD groups, not virtual server.



- Using SAML auth profile, the bookmarks are not displayed for the user account

- Using LDAP auth as primary basic auth, the bookmarks are displayed based on user AD group membership


I'm guessing without using LDAP as the auth method for the UG, the bookmark groups aren't being enumerated for display.


Can I call the LDAP group lookup behind the scenes at login? I haven't found too much on this so far.




I feel like I am getting closer now.

AAD Enterprise App has been modified to send the SamAccountName of the groups and I can see it in the login process now.

Netscaler SAML SP and AAA Group has been updated - (citrix.com)https://support.citrix.com/article/CTX230661/saml-sp-group-membership-through-adfs



Link to comment
Share on other sites


- Ignore the Set Attribute #2 on the SAML SP Side

- Fill out the Group Name Field under the Authentication SAML Server field to match the tokens reference for groups e.g. - http://schemas.microsoft.com/ws/2008/06/identity/claims/groups

- Using AAA.USER.ATTRIBUTE(3).CONTAINS("AD_GRP_APP_IIS01"), the attribute number didn't matter as long as teh Group Name Field was filled in

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...