SAML Server: Difference between revisions
Content added Content deleted
(→NetScaler as IDP: m) |
(→NetScaler as SP: added image) |
||
Line 68: | Line 68: | ||
== NetScaler as SP == |
== NetScaler as SP == |
||
[[File:SAML Server.png]] |
|||
;IP Address Scheme |
|||
10.107.88.70 SAML Server saml.testlab.com |
10.107.88.70 SAML Server saml.testlab.com |
||
10.107.88.69 Netscaler VIP aaavip.testlab.com |
10.107.88.69 Netscaler VIP aaavip.testlab.com |
||
10.107.88.79 Netscaler SNIP samlvip.testlab.com |
10.107.88.79 Netscaler SNIP samlvip.testlab.com |
||
10.107.88.93 Backend Server |
10.107.88.93 Backend Server |
||
10.107.88.80 LDAP Server |
10.107.88.80 LDAP Server |
||
== NetScaler as IDP == |
== NetScaler as IDP == |
Revision as of 18:36, 15 April 2017
Creating SAML Server
Source: helloitsliam.com,support.citrix.com, simplesamlphp.org, citrix.com
- Prerequisites:
Ubuntu Server - VM or Physical box Internet connectivity
- Update Ubuntu
sudo apt-get update sudo apt-get upgrade
- Install PHP, Apache2 & related libraries:
sudo apt-get install php7.0 apache2 php7.0-mcrypt php7.0-ldap php7.0-mysql libapache2-mod-php7.0 php-xml
- Installing SimpleSAMLphp binaries:
cd /var sudo wget https://github.com/simplesamlphp/simplesamlphp/releases/download/v1.14.12/simplesamlphp-1.14.12.tar.gz sudo tar zxf simplesamlphp-1.14.12.tar.gz cd simplesamlphp-1.14.12/ sudo mv simplesamlphp-1.14.12 simplesamlphp sudo rm -f simplesamlphp-1.14.12.tar.gz cd simplesamlphp/
- Configuring SimpleSAML php:
sudo nano /var/simplesamlphp/config/config.php sudo nano /var/simplesamlphp/config/authsources.php sudo nano /var/simplesamlphp/metadata/saml20-idp-hosted.php sudo nano /var/simplesamlphp/metadata/saml20-sp-remote.php
- Pointing Apache to SimpleSAMLphp
sudo nano /etc/apache2/sites-available/000-default.conf
- Now check if application is accessible over HTTP:
http://<ip-address-of-server>/simplesamlphp
- Enabling Secure (read SSL) access:
cd /etc/apache2/ sudo mkdir ssl
sudo openssl genrsa -des3 -out Certificate.key 4096 sudo openssl rsa -in Certificate.key -out Certificate.pem sudo openssl req -new -key Certificate.key -out Certificate.csr sudo openssl x509 -req -days 9999 -in Certificate.csr -signkey Certificate.key -out Certificate.crt
sudo a2enmod ssl sudo service apache2 restart
sudo nano /etc/apache2/sites-available/000-default.conf sudo a2ensite ssl sudo a2enmod ssl sudo service apache2 restart
sudo phpenmod mcrypt sudo service apache2 restart
- Now the page should be available over https:
https://<ip-address-of-server>/simplesamlphp
Integrating with SAML Server
You need to have a SAML Server to achieve below setups:
NetScaler as SP
- IP Address Scheme
10.107.88.70 SAML Server saml.testlab.com 10.107.88.69 Netscaler VIP aaavip.testlab.com 10.107.88.79 Netscaler SNIP samlvip.testlab.com 10.107.88.93 Backend Server 10.107.88.80 LDAP Server
NetScaler as IDP
This section is under construction. |
Troubleshooting
- For Netscaler:
> set syslogParams -logLevel ALL
- References
{{#widget:DISQUS
|id=networkm
|uniqid=SAML Server
|url=https://aman.awiki.org/wiki/SAML_Server
}}