...

  1. Login to the DualShield Management Console
  2. In the main menu, select “Authentication | Logon Procedure”
  3. Click the “Create” button on the toolbar
  4. Enter “Name” and select “Web SSO” as the type.
  5. Click “Save”
  6. Click the Context Menu icon of the newly created logon procedure, select “Logon Steps”
  7. In the popup window, click the “Create” button on the toolbar
  8. Select the desired authentication method, e.g. “Static Password”
  9. Click "Save"
  10. Repeat steps 7-9 to add more logon steps if desired, e.g. "One-Time Password"
  11. Click "Save"

...

  1. In the main menu, select “Authentication | Application”
  2. Click the “Create” button on the toolbar
  3. Enter “Name”
  4. Select “Realm”
  5. Select the newly created logon procedure
  6. Click "Save"
  7. Click the context menu of the newly created application, select "Agent"
  8. Select the SSO Server
  9. Click "Save"
  10. Click the context menu of the newly created application, select "Self Test"

...

  1. In the main menu, select “SSO | Service Providers”
  2. Click the “Create” button on the toolbar
  3. In the “SSO Server” field, select your DualShield SSO server from the list
  4. In the "Name" field, enter the name for the Service Provider to be created
  5. In the "Type" field, select “SAML 2.0” 
  6. In the "Metadata" box, enter the metadata of the service provider to be created. Use the template below to create the metadata. Change the host name in the "entityID" and "Location" attribute values to the FQDN of your NetScaler Gateway Virtual Server.

    <?xml version="1.0" encoding="UTF-8" ?>
    <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://ageesaml.deepnetqa.com">
        <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
            <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
            <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://ageesaml.deepnetqa.com/cgi/samlauth" index="0" isDefault="true">
            </AssertionConsumerService>
        </SPSSODescriptor>
    </EntityDescriptor>

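
A pre-flight check for the edited metadata, as an added example that is not part of the original guide or of DualShield's own tooling: it confirms that entityID and Location both point at your gateway over https, that the ACS path and binding match the template, and that WantAssertionsSigned is still "true". The function names and the host gateway.example.com are assumptions for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit
MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ACS_PATH = "/cgi/samlauth"  # path used in the template above

def url_problem(label, value, fqdn, path=None):
    """Return a problem string unless value is an https URL on fqdn (and path)."""
    url = urlsplit(value or "")
    if url.scheme != "https":
        return f"{label} is not an https URL: {value!r}"
    if url.hostname != fqdn.lower():
        return f"{label} host {url.hostname!r} does not match {fqdn!r}"
    if path is not None and url.path != path:
        return f"{label} path {url.path!r} is not {path!r}"

def check_sp_metadata(xml_text, fqdn):
    """List the problems in SP metadata meant for the gateway at fqdn."""
    try:
        root = ET.fromstring(xml_text.strip().encode("utf-8"))
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    found = [url_problem("entityID", root.get("entityID"), fqdn)]
    sp = root.find(MD + "SPSSODescriptor")
    if sp is None:
        return [p for p in found if p] + ["SPSSODescriptor is missing"]
    if sp.get("WantAssertionsSigned") != "true":
        found.append('WantAssertionsSigned is not "true"')
    services = sp.findall(MD + "AssertionConsumerService")
    if not services:
        found.append("no AssertionConsumerService element")
    for acs in services:
        if acs.get("Binding") != HTTP_POST:
            found.append(f"unexpected ACS binding: {acs.get('Binding')!r}")
        found.append(url_problem("ACS Location", acs.get("Location"), fqdn, ACS_PATH))
    return [p for p in found if p]

def sample_metadata(entity_host, acs_host):
    """Constructed sample (placeholder hosts): the template with host names filled in."""
    return (
        f'<EntityDescriptor xmlns="{MD[1:-1]}" entityID="https://{entity_host}">'
        '<SPSSODescriptor WantAssertionsSigned="true"'
        ' protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
        f'<AssertionConsumerService Binding="{HTTP_POST}"'
        f' Location="https://{acs_host}{ACS_PATH}" index="0" isDefault="true"/>'
        '</SPSSODescriptor></EntityDescriptor>')

if __name__ == "__main__":  # constructed case: Location left at the template host
    md = sample_metadata("gateway.example.com", "ageesaml.deepnetqa.com")
    print(check_sp_metadata(md, "gateway.example.com"))
```

An empty list means the metadata is consistent with the template for that FQDN; the constructed case above reports the Location host that was left unchanged.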