NetScaler: Difference between revisions
→Configuration: added
(→NetScaler as SP: added) |
(→Configuration: added) |
||
Line 47:
=== Configuration ===
<pre style="width: 97%; overflow-x: scroll;">
add ns ip 10.107.88.78 255.255.255.224 -type NSIP -vServer DISABLED -mgmtAccess ENABLED -dynamicRouting ENABLED
add ns ip 10.107.88.67 255.255.255.224 -type VIP -snmp DISABLED
add ns ip 10.107.88.87 255.255.255.224 -vServer DISABLED -gui DISABLED -ssh DISABLED -mgmtAccess ENABLED
add service Server3 Ubuntu_Server HTTP 8083 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp ON -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
add service Server4 Ubuntu_Server HTTP 8084 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp ON -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO
add service Server1 Ubuntu_Server HTTP 8081 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp ON -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP YES
add service Server2 Ubuntu_Server HTTP 8082 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp ON -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP YES
add ssl certKey ns-server-certificate -cert ns-server.cert -key ns-server.key
add ssl certKey web.testlab.com -cert web.testlab.com.CER
add ssl certKey sf.testlab.com -cert sf.testlab.com.cer -key sf.testlab.com.key -passcrypt "gScQiu+ULgg="
add ssl certKey testlab-root -cert root.cer -passcrypt "gScQiu+ULgg="
add ssl certKey IDP-Cert -cert idp.crt
add authentication samlIdPProfile SAML-IDP-Profile -samlIdPCertName sf.testlab.com -assertionConsumerServiceURL "https://saml.testlab.com/simplesaml/"
add lb vserver Saml-Test-Srv SSL 10.107.88.79 443 -persistenceType SOURCEIP -cltTimeout 180 -AuthenticationHost aaavip.testlab.com -Authentication ON -authnVsName Saml-vServer
add authentication vserver Saml-vServer SSL 10.107.88.69 443
set ns encryptionParams -method AES256 -keyValue 4bd351ed61dbec30ef34ffeafc8d94acdd35e3336fa0b881780f72b293ec33c89ea91201302a0649da1970d4e5fcb5c50a83c0f95c28a29e9b57c9619dd6259b4c55debd1eff2f6ce714fe5974675220 -encrypted -encryptmethod ENCMTHD_3
bind lb vserver Saml-Test-Srv Server3
add dns nameServer 10.107.88.80
add lb monitor STAMONNHOP-webServer CITRIX-STA-SERVICE-NHOP -LRTM DISABLED -interval 2 MIN -resptimeout 4 -downTime 5 -destIP 10.107.88.93 -destPort 8083
add authentication samlAction Saml-vServer -samlIdPCertName sf.testlab.com -samlSigningCertName sf.testlab.com -samlRedirectUrl "https://saml.testlab.com/simplesaml/saml2/idp/SSOService.php" -samlUserField sAMAccountName -samlRejectUnsignedAssertion OFF -samlIssuerName testlab-AD-CA -Attribute1 sAMAccountName -logoutURL "https://saml.testlab.com/simplesaml/saml2/idp/SingleLogoutService.php" -skewTime 30
add authentication samlPolicy Saml-Policy ns_true Saml-vServer
bind authentication vserver Saml-vServer -policy Saml-Policy -priority 100
bind ssl vserver Saml-Test-Srv -certkeyName sf.testlab.com
bind ssl vserver Saml-Test-Srv -certkeyName testlab-root -CA -ocspCheck Optional
bind ssl vserver Saml-vServer -certkeyName sf.testlab.com
set ns param -timezone "GMT+05:30-IST-Asia/Kolkata"
</pre>
=== Logs ===
| |||