Configuring SAML single sign-on
To provide single sign-on capabilities across applications that are hosted on the service provider, you can configure SAML single sign-on on the SAML SP.
Configuring SAML single sign-on by using the command line interface
Configure the SAML SSO profile.
Example
In the following command, Example is the load balancing virtual server that has a web link from the SharePoint portal. Nssp.example.com is the Traffic Management virtual server that is load balancing the SharePoint server.
add tm samlSSOProfile tm-saml-sso -samlSigningCertName nssp -assertionConsumerServiceURL "https://nssp2.example.com/cgi/samlauth" -relaystateRule "\"https://nssp2.example.com/samlsso.html\"" -sendPassword ON -samlIssuerName nssp.example.com
Associate the SAML SSO profile with the traffic action.
Example
The following command enables SSO and binds the SAML SSO profile created above to a traffic action.
add tm trafficAction html_act -SSO ON -samlSSOProfile tm-saml-sso
Configure the traffic policy that specifies when the action must be executed.
Example
The following command associates the traffic action with a traffic policy.
add tm trafficPolicy html_pol "HTTP.REQ.URL.CONTAINS(\"abc.html\")" html_act
Bind the traffic policy created above to a traffic management virtual server (load balancing or content switching). Alternatively, the traffic policy can be associated globally.
Note
This traffic management virtual server must be associated with the relevant authentication virtual server that is associated with the SAML action.
bind lb vserver lb1_ssl -policyName html_pol -priority 100 -gotoPriorityExpression END -type REQUEST
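A consistency check for the four commands above, as an added example that is not part of the original documentation: it parses saved configuration text and reports breaks in the profile, action, policy and binding chain. The function names and finding messages are assumptions of this example, and the sample text is constructed from the commands on this page.

```python
import shlex

# Constructed sample: the four commands from the steps above, as saved config text.
SAMPLE_CONFIG = r'''
add tm samlSSOProfile tm-saml-sso -samlSigningCertName nssp -assertionConsumerServiceURL "https://nssp2.example.com/cgi/samlauth" -relaystateRule "\"https://nssp2.example.com/samlsso.html\"" -sendPassword ON -samlIssuerName nssp.example.com
add tm trafficAction html_act -SSO ON -samlSSOProfile tm-saml-sso
add tm trafficPolicy html_pol "HTTP.REQ.URL.CONTAINS(\"abc.html\")" html_act
bind lb vserver lb1_ssl -policyName html_pol -priority 100 -gotoPriorityExpression END -type REQUEST
'''

def options(tokens):
    """Collect '-name value' pairs from a tokenized command, keyed in lower case."""
    return {tokens[i][1:].lower(): tokens[i + 1]
            for i in range(len(tokens) - 1) if tokens[i].startswith("-")}

def audit(config_text):
    """Return findings for the profile -> action -> policy -> binding chain."""
    profiles, actions, policies, bound = {}, {}, {}, set()
    for line in config_text.splitlines():
        t = shlex.split(line)  # resolves the \" escapes inside quoted arguments
        head = [w.lower() for w in t[:3]]
        if head == ["add", "tm", "samlssoprofile"]:
            profiles[t[3]] = options(t[4:])
        elif head == ["add", "tm", "trafficaction"]:
            actions[t[3]] = options(t[4:])
        elif head == ["add", "tm", "trafficpolicy"]:
            policies[t[3]] = t[5]  # positional arguments: name, rule, action
        elif head[:1] == ["bind"]:
            bound.add(options(t).get("policyname"))
    findings = []
    for name, action in policies.items():
        if action not in actions:
            findings.append(f"policy {name}: action {action} is not defined")
        if name not in bound:
            findings.append(f"policy {name}: not bound to a virtual server or globally")
    for name, opts in actions.items():
        if opts.get("sso", "").upper() != "ON":
            findings.append(f"action {name}: SSO is not ON")
        if opts.get("samlssoprofile") not in profiles:
            findings.append(f"action {name}: SAML SSO profile is missing or undefined")
    for name, opts in profiles.items():
        url = opts.get("assertionconsumerserviceurl", "")
        if not url.lower().startswith("https://"):
            findings.append(f"profile {name}: assertion consumer service URL is not https")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG) or "chain is consistent")
```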
Configuring SAML single sign-on by using the graphical user interface
Define the SAML SSO profile, the traffic profile, and the traffic policy.
Navigate to Security > AAA - Application Traffic > Policies > Traffic, select the appropriate tab, and configure the settings.
Bind the traffic policy to a traffic management virtual server or globally to the Citrix ADC appliance.