SSO Google Apps StyleBook 编辑

SSO Google Apps StyleBook

Google Apps is a collection of cloud computing, productivity and collaboration tools, software and products that are developed by Google. Single Sign-On (SSO) enables users to access all of their enterprise cloud applications—including administrators signing in to the admin console—by signing in one time for all services using their enterprise credentials.

The Citrix ADM SSO Google Apps StyleBook allows you to enable SSO for Google Apps through Citrix ADC instances. The StyleBook configures the Citrix ADC instance as a SAML identity provider for authenticating users to access Google Apps.

Enabling SSO for Google apps in a Citrix ADC instance using this StyleBook results in the following steps:

  1. Configuring the authentication virtual server
  2. Configuring a SAML IdP policy and profile
  3. Binding the policy and profile to the authentication virtual server
  4. Configuring an LDAP authentication server and policy on the instance
  5. Binding the LDAP authentication server and policy to your authentication virtual server configured on the instance

Configuration details:

The following table lists the minimum required software versions for this integration to work successfully. The integration process also supports higher versions of the same.

ProductMinimum Required Version
Citrix ADCRelease 11.0, Advanced/Premium License

The following instructions assume that you have already created the appropriate external and internal DNS entries to route authentication requests to a Citrix ADC-monitored IP address.

Deploying SSO Google apps StyleBook configurations:

The following task assists you in deploying the Microsoft SSO Google Apps StyleBook in your business network.

To deploy SSO Google apps StyleBook

  1. In Citrix ADM, navigate to Applications > Configurations > StyleBooks. The StyleBooks page displays all the StyleBooks available for your use in Citrix ADM. Scroll down and find SSO Google Apps StyleBook. Click Create Configuration.

  2. The StyleBook opens as a user interface page on which you can enter the values for all the parameters defined in this StyleBook.

  3. Enter values for the following parameters:

    1. Application Name. Name of the SSO Google apps configuration to deploy in your network.

    2. Authentication Virtual IP address. Virtual IP address used by the Citrix ADC AAA virtual server to which the Google apps SAML IdP policy is bound.

    3. SAML Rule Expression. By default, the following Citrix ADC Policy (PI) expression is used: HTTP.REQ.HEADER(“Referrer”).CONTAINS(“google”). Update this field with another expression if your requirement is different. This policy expression matches the traffic to which these SAML SSO settings are applied and makes sure that the Referrer header is coming from a Google domain.

  4. The SAML IdP Settings section allows you to configure your Citrix ADC Instance as a SAML identity provider by creating the SAML IdP profile and policy that is used by the Citrix ADC AAA virtual server created in step 3.

    1. SAML Issuer Name. In this field, enter the public FQDN of your authentication virtual server. Example: https://<Citrix_ADC_VIP>/saml/login

    2. SAML Service Provider (SP) ID. (optional) Citrix ADC identity provider accepts SAML authentication requests from an issuer name that matches this ID.

    3. Assertion Consumer Service URL. Enter the service provider’s URL where Citrix ADC identity provider needs to send the SAML assertions after successful user authentication. The assertion consumer service URL can be initiated at the identity provider server site or the service provider site.

    4. There are other optional fields that you can enter in this section. For example, you can set the following options:

      1. SAML binding profile (the default is the “POST” profile).

      2. Signature algorithm to verify/sign SAML requests/responses (default is “RSA-SHA1”).

      3. Method to digest hash for SAML requests/responses (default is “SHA-1”).

      4. Encryption algorithm (default is AES256), and other settings.

      Note

      Citrix recommends that you retain the default settings as these settings have been tested to support Google Apps.

    5. You can also enable User Attributes check box to enter the user details such as:

      1. Name of the user attribute

      2. Citrix ADC PI expression that is evaluated to extract the attribute’s value

      3. User-friendly name of the attribute

      4. Select the format of the user attribute.

      These values are included in the issued SAML Assertion. You can include as many as five sets of user attributes in an Assertion issued by Citrix ADC using this StyleBook.

  5. In LDAP Settings section, enter the following details to authenticate Google Apps users. For domain users to be able to log on to the Citrix ADC instance by using their corporate email addresses, you must configure the following:

    1. LDAP (Active Directory) Base. Enter the base domain name for the domain in which the user accounts reside within the Active Directory (AD) for which you want to allow authentication. For example, dc=netscaler,dc=com

    2. LDAP (Active Directory) Bind DN. Add a domain account (using an email address for ease of configuration) that has rights to browse the AD tree. For example, cn=Manager,dc=netscaler,dc=com

    3. LDAP (Active Directory) Bind DN Password. Enter the password of the domain account for authentication.

    4. A few other fields that you need to enter in this section are as follows:

      1. LDAP server IP Address that Citrix ADC connects to for authenticating users

      2. LDAP server’s FQDN name

        Note

        You must specify at least one of the above two - the LDAP server IP address or the FQDN name.

      3. LDAP server port that Citrix ADC connects to for authenticating users (default is 389).

      4. LDAP host name. This is used to validate the LDAP Certificate if validation is turned on (by default, it is turned off).

      5. LDAP login name attribute. The default attribute used to extract login names is samAccountname.

      6. Other optional miscellaneous LDAP settings

  6. In SAML IdP SSL Certificate section, you can specify the details of the SSL certificate:

    1. Certificate Name. Enter the name of the SSL certificate.

    2. Certificate File. Choose the SSL certificate file from the directory on your local system or on Citrix ADM.

    3. CertKey Format. Select the format of the certificate and the private-key files from the drop-down list box. The formats supported are .pem and .der extensions.

    4. Certificate Key Name. Enter the name of the certificate private key.

    5. Certificate Key File. Select the file containing the private key of the certificate from your local system or from Citrix ADM.

    6. Private Key Password. If your private key file is protected by a passphrase, enter it in this field.

    7. You can also enable Advanced Certificate Settings check box to enter details such as certificate expiry notification period, enable or disable the certificate expiry monitor.

  7. Optionally, you can select IdP SSL CA Certificate if the SAML IdP Certificate entered above requires a CA public Certificate to be installed on Citrix ADC. Make sure you select “Is a CA Certificate” in the advanced settings.

  8. Optionally, you can select SAML SP SSL Certificate to specify Google SSL certificate (public key) used to validate authentication requests from Google Apps (SAML SP).

  9. Click Target Instances and select the Citrix ADC instance(s) on which to deploy this Google Apps SSO configuration. Click Create to create the configuration and deploy the configuration on the selected Citrix ADC instance(s).

    Note

    You can also click the refresh icon to add recently discovered Citrix ADC instances in Citrix ADM to the available list of instances in this window.

Also,

Tip > > Citrix recommends that before running the actual configuration, you select Dry Run to visually confirm the configuration objects that are created on the target Citrix ADC instance(s) by the StyleBook.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据

词条统计

浏览:84 次

字数:11200

最后编辑:7 年前

编辑次数:0 次

    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文