Create a Web logon procedure

  1. Log in to the DualShield Management Console
  2. In the main menu, select “Authentication | Logon Procedure”
  3. Click the “Create” button on the toolbar
  4. Enter “Name” and select “Web SSO” as the type.



  5. Click “Save”
  6. Click the Context Menu icon of the newly created logon procedure, select “Logon Steps”
  7. In the popup window, click the “Create” button on the toolbar
  8. Select the desired authentication method, e.g. “Static Password”
  9. Click "Save"
  10. Repeat steps 7-9 to add more logon steps if desired, e.g. "One-Time Password"



  11. Click "Save"

Create a Web application

  1. In the main menu, select “Authentication | Application”
  2. Click the “Create” button on the toolbar
  3. Enter “Name”
  4. Select “Realm”
  5. Select the newly created logon procedure



  6. Click "Save"
  7. Click the context menu of the newly created application, select "Agent"



  8. Select the SSO Server
  9. Click "Save"
  10. Click the context menu of the newly created application, select "Self Test"

Create a Web application service provider

  1. In the main menu, select “SSO | Service Providers”
  2. Click the “Create” button on the toolbar
  3. In the “SSO Server” field, select your DualShield SSO server from the list
  4. In the "Name" field, enter the name for the Service Provider to be created
  5. In the "Type" field, select “SAML 2.0” 
  6. In the "Metadata" box, enter the metadata of the service provider to be created. Use the template below to create the metadata. Change the value of the "entityID" and "Location" attributes to the FQDN of your NetScaler Gateway Virtual Server.

    <?xml version="1.0" encoding="UTF-8" ?>
    <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://ageesaml.deepnetqa.com">
        <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
            <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
            <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://ageesaml.deepnetqa.com/cgi/samlauth" index="0" isDefault="true">
            </AssertionConsumerService>
        </SPSSODescriptor>
    </EntityDescriptor>
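
One way to fill in and sanity-check the template above before pasting it into the "Metadata" box. This is an added example, not DualShield or NetScaler tooling; the function names and the host `gateway.example.com` are hypothetical, and the generated XML omits the template's unused `saml` and `ds` namespace declarations.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ACS_PATH = "/cgi/samlauth"  # path taken from the template on this page
HOST_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def build_sp_metadata(fqdn):
    """Fill the page's template with the gateway FQDN (hypothetical helper)."""
    if not HOST_RE.match(fqdn):
        raise ValueError(f"not a fully qualified host name: {fqdn!r}")
    ET.register_namespace("", MD_NS)
    root = ET.Element(f"{{{MD_NS}}}EntityDescriptor", {"entityID": f"https://{fqdn}"})
    sp = ET.SubElement(root, f"{{{MD_NS}}}SPSSODescriptor", {
        "WantAssertionsSigned": "true",
        "protocolSupportEnumeration": "urn:oasis:names:tc:SAML:2.0:protocol"})
    ET.SubElement(sp, f"{{{MD_NS}}}NameIDFormat").text = \
        "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
    ET.SubElement(sp, f"{{{MD_NS}}}AssertionConsumerService", {
        "Binding": POST_BINDING, "Location": f"https://{fqdn}{ACS_PATH}",
        "index": "0", "isDefault": "true"})
    return ET.tostring(root, encoding="unicode")

def check_sp_metadata(xml_text, fqdn):
    """Return a list of deviations from the template; an empty list means none."""
    problems = []
    ns = {"md": MD_NS}
    root = ET.fromstring(xml_text)  # operator-authored input, not untrusted XML
    entity = urlparse(root.get("entityID", ""))
    if (entity.scheme, entity.hostname) != ("https", fqdn.lower()):
        problems.append("entityID is not https://<gateway FQDN>")
    sp = root.find("md:SPSSODescriptor", ns)
    if sp is None:
        return problems + ["SPSSODescriptor missing"]
    if sp.get("WantAssertionsSigned") != "true":
        problems.append("WantAssertionsSigned is not true")
    acs_list = sp.findall("md:AssertionConsumerService", ns)
    if not acs_list:
        problems.append("AssertionConsumerService missing")
    for acs in acs_list:
        loc = urlparse(acs.get("Location", ""))
        if (loc.scheme, loc.hostname, loc.path) != ("https", fqdn.lower(), ACS_PATH):
            problems.append("ACS Location is not https://<gateway FQDN>/cgi/samlauth")
        if acs.get("Binding") != POST_BINDING:
            problems.append("ACS Binding is not HTTP-POST")
    return problems
```
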
