Install the DualShield SSO Server IdP Certificate

  1. Log into the DualShield Authentication Server and, in the main menu, select “SSO”

  2. Click the SSO Server context menu, select “Download IdP Certificate” and save the file.
  3. Log in to the NetScaler VPX web console, select “Traffic Management | SSL | Certificates”, click “Install”
  4. Enter the “Certificate-Key Pair Name”
  5. Upload the DualShield SSO server certificate from the local store

Create SAML Authentication Server

  1. Log into the DualShield Authentication Server, select “SSO”
  2. Click the SSO Server context menu, select “Download IdP Metadata” and select the newly created application, e.g. “NetScalerSAML XenApp”



  3. Log into the NetScaler VPX web console, select “Configuration | NetScaler Gateway | Policies | Authentication | SAML”
  4. Click the “Servers” tab, and click “Add”
    1. Enter the "Name"

      1.  In the "Redirect URL" field, enter the URL below:

      http://dualshield.qadomain.com:8074/appsso/login?DASApplicationName=NetScalerSAML XenApp

      2. In the "Single Logout URL" field, enter the logout URL below:

      http://dualshield.qadomain.com:8074/appsso/logout?DASApplicationName=NetScalerSAML XenApp

      Replace "dualshield.qadomain.com" with the FQDN of your DualShield server, and "NetScalerSAML XenApp" with the application name of the NetScaler Access Gateway in your DualShield server.

      3. In the "SAML Issuer Name" field, enter the FQDN of your NetScaler Gateway Virtual Server. (The SAML Issuer Name must be identical to the EntityID in the metadata of the service provider that was set up in the previous section.)

      4. Select "Redirect" in the "SAML Binding" field.

      5. Turn off the "Two-Factor" authentication.

      6. Add the attribute names which were created in the DualShield Service Provider.

  5. Select the newly installed DualShield SSO server certificate in the "IdP Certificate Name" field
  6. Click "Create" and "Close"
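
A pre-flight check for the values entered above, as an added example that is not part of the original guide or of DualShield or NetScaler: it confirms that the downloaded IdP certificate is a signing certificate listed in the downloaded IdP metadata, and that the Redirect URL host matches an HTTP-Redirect endpoint advertised there. It assumes the metadata follows the standard SAML 2.0 metadata schema; the function names and the sample data are constructed for illustration.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

def sha256_hex(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()

def pem_to_der(pem: str) -> bytes:
    # Drop the BEGIN/END armour lines, then decode the base64 body to DER.
    body = [l.strip() for l in pem.splitlines() if l.strip() and "-----" not in l]
    return base64.b64decode("".join(body))

def idp_summary(metadata_xml: str) -> dict:
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    fps = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "signing":  # no "use" means signing and encryption
            for c in kd.findall(".//ds:X509Certificate", NS):
                fps.append(sha256_hex(base64.b64decode("".join(c.text.split()))))
    sso = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
           if s.get("Binding") == REDIRECT]
    return {"signing_fps": fps, "redirect_sso": sso}

def check(metadata_xml: str, cert_pem: str, redirect_url: str) -> list:
    info, problems = idp_summary(metadata_xml), []
    if sha256_hex(pem_to_der(cert_pem)) not in info["signing_fps"]:
        problems.append("certificate file is not a signing certificate in the metadata")
    hosts = {urlsplit(u).hostname for u in info["redirect_sso"]}
    if not hosts:
        problems.append("metadata advertises no HTTP-Redirect SingleSignOnService")
    elif urlsplit(redirect_url).hostname not in hosts:
        problems.append("Redirect URL host differs from the metadata endpoint host")
    return problems

# Constructed sample input: placeholder bytes stand in for the DER certificate.
B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{B64}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}" entityID="constructed-idp">
 <md:IDPSSODescriptor>
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="{REDIRECT}" Location="http://dualshield.qadomain.com:8074/appsso/login"/>
 </md:IDPSSODescriptor></md:EntityDescriptor>"""
```

An empty list from `check()` means the certificate file and the Redirect URL host agree with the metadata; each returned string names one mismatch to resolve before binding the policy.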

Create SAML Authentication Policy

  1. Select “Configuration | NetScaler Gateway | Policies | Authentication | SAML”
  2. Click the “Policies” tab, and click “Add”
  3. Enter the “Name”
  4. Create an “ns_true” expression
  5. Select the newly created SAML authentication server, e.g. “dualshield_saml”



  6. Select the "ns_true" expression 
  7. Click "OK"

Create Traffic Profile

  1. Select “Configuration | NetScaler Gateway | Policies | Traffic”
  2. Click the “Traffic Profiles” tab, and click “Add”
  3. Enter the “Name”



  4. Configure the SSO user expression as "http.req.user.attribute(1)" 
  5. Configure the SSO password expression as "http.req.user.attribute(2).B64DECODE" 

Create Traffic Profile Policy 

  1. Select “Configuration | NetScaler Gateway | Policies | Traffic”
  2. Click the “Traffic Policies” tab, and click “Add”
  3. Enter the “Name”, and then select the newly created Traffic Profile



  4. Select the "ns_true" expression and click "Create"

Configure the NetScaler Gateway Virtual Server 

  1. Select "Virtual Server", and click the NetScaler Gateway Virtual Server. 
  2. Click "Edit", select "Authentication", and bind the newly created SAML policy, e.g. dualshield_saml_SAML_pol.



  3. Click "Policies", choose the "Traffic" type and bind the newly created session policy, e.g. "StoreFront Traffic Policy".
