SAML Server: Difference between revisions

From Network Security Wiki
Edit summary: →NetScaler as SP: added image ([[File:SAML Server.png]])
Revision as of 18:36, 15 April 2017

Creating a SAML Server (SimpleSAMLphp on Ubuntu)

Source: helloitsliam.com, support.citrix.com, simplesamlphp.org, citrix.com

  • Prerequisites:
Ubuntu Server - VM or Physical box
Internet connectivity 
  • Update Ubuntu
sudo apt-get update
sudo apt-get upgrade
  • Install PHP, Apache2 & related libraries:
sudo apt-get install php7.0 apache2 php7.0-mcrypt php7.0-ldap php7.0-mysql libapache2-mod-php7.0 php-xml
  • Installing SimpleSAMLphp (release tarball from GitHub):
cd /var
sudo wget https://github.com/simplesamlphp/simplesamlphp/releases/download/v1.14.12/simplesamlphp-1.14.12.tar.gz
sudo tar zxf simplesamlphp-1.14.12.tar.gz
sudo mv simplesamlphp-1.14.12 simplesamlphp     # rename the unpacked directory before changing into it
sudo rm -f simplesamlphp-1.14.12.tar.gz
cd simplesamlphp/
  • Configuring SimpleSAMLphp (four files):
sudo nano /var/simplesamlphp/config/config.php                 # base settings: baseurlpath, secretsalt, auth.adminpassword, enable.saml20-idp
sudo nano /var/simplesamlphp/config/authsources.php            # how users authenticate (e.g. against the LDAP server)
sudo nano /var/simplesamlphp/metadata/saml20-idp-hosted.php    # this server's IdP entity: signing key/cert, auth source
sudo nano /var/simplesamlphp/metadata/saml20-sp-remote.php     # the SPs this IdP trusts (e.g. the NetScaler AAA vserver)
  • Pointing Apache to SimpleSAMLphp
sudo nano /etc/apache2/sites-available/000-default.conf
  • Now check if application is accessible over HTTP:
http://<ip-address-of-server>/simplesamlphp
  • Enabling secure (HTTPS) access:
cd /etc/apache2/
sudo mkdir ssl
cd ssl                                                          # generate the key material inside the new ssl/ directory
sudo openssl genrsa -des3 -out Certificate.key 4096             # passphrase-protected private key
sudo openssl rsa -in Certificate.key -out Certificate.pem       # unencrypted copy; point SSLCertificateKeyFile at this one so Apache can start unattended
sudo openssl req -new -key Certificate.key -out Certificate.csr # use the server's FQDN (e.g. saml.testlab.com) as the Common Name
sudo openssl x509 -req -days 9999 -in Certificate.csr -signkey Certificate.key -out Certificate.crt   # self-signed certificate
sudo a2enmod ssl
sudo nano /etc/apache2/sites-available/000-default.conf         # add the *:443 VirtualHost referencing Certificate.crt and Certificate.pem
sudo a2ensite ssl
sudo phpenmod mcrypt
sudo service apache2 restart
  • Now the page should be available over https:
https://<ip-address-of-server>/simplesamlphp


Integrating with the SAML Server

A working SAML server (as built above) is required for the setups below:


NetScaler as SP

IP Address Scheme
IP address      Role              Hostname
10.107.88.70    SAML Server       saml.testlab.com
10.107.88.69    NetScaler VIP     aaavip.testlab.com
10.107.88.79    NetScaler SNIP    samlvip.testlab.com
10.107.88.93    Backend Server    -
10.107.88.80    LDAP Server       -
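The four configuration files named in the "Configuring SimpleSAMLphp" step, filled in for this lab so that saml.testlab.com acts as the IdP and trusts the NetScaler AAA vserver (aaavip.testlab.com) as an SP. This is an added example, not the original page's or the SimpleSAMLphp project's own configuration; each section below is a separate file under /var/simplesamlphp/, concatenated here for reading. The LDAP DN pattern, the NetScaler entity ID, the contact address and the placeholder secrets are assumptions for this lab; the /cgi/samlauth path is assumed to be the AAA vserver's SAML assertion consumer endpoint. The IdP signing key/cert (server.pem/server.crt in cert/) are separate from the Apache TLS certificate generated above.

```php
<?php
// Added example for the lab on this page; not the page's or SimpleSAMLphp's own files.
// SimpleSAMLphp 1.14.x reads these files from /var/simplesamlphp/.

// ===== file: config/config.php =====
$config = array(
    'baseurlpath'            => 'simplesamlphp/',          // matches the URL path used in the HTTP check above
    'certdir'                => 'cert/',                   // IdP signing key/cert live in /var/simplesamlphp/cert/
    'auth.adminpassword'     => 'CHANGE-ME-admin-password', // placeholder: set before the host is reachable
    'secretsalt'             => 'CHANGE-ME-long-random-salt', // placeholder: long random string, never the default
    'admin.protectindexpage' => true,                      // keep the index/admin pages behind the admin login
    'enable.saml20-idp'      => true,                      // this host is a SAML 2.0 IdP
    'technicalcontact_name'  => 'Administrator',
    'technicalcontact_email' => 'admin@testlab.com',       // assumed lab contact address
);

// ===== file: config/authsources.php =====
$config = array(
    'admin' => array('core:AdminPassword'),

    // Authenticate users against the lab LDAP server (10.107.88.80) via the ldap module
    // (php7.0-ldap was installed above). DN pattern and base are assumptions for this lab.
    'testlab-ldap' => array(
        'ldap:LDAP',
        'hostname'      => '10.107.88.80',
        'enable_tls'    => true,                           // STARTTLS so credentials never cross the wire in clear
        'port'          => 389,
        'timeout'       => 10,
        'attributes'    => array('uid', 'mail', 'cn'),     // only fetch what the SPs need
        'dnpattern'     => 'uid=%username%,ou=people,dc=testlab,dc=com',
        'search.enable' => false,
    ),
);

// ===== file: metadata/saml20-idp-hosted.php =====
$metadata['__DYNAMIC:1__'] = array(
    'host'                  => '__DEFAULT__',              // answer on whatever hostname Apache serves (saml.testlab.com)
    'privatekey'            => 'server.pem',               // in certdir; the IdP signing key
    'certificate'           => 'server.crt',
    'auth'                  => 'testlab-ldap',             // authsource defined above
    'signature.algorithm'   => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
    'saml20.sign.response'  => true,                       // defaults, stated explicitly: SPs must be able to verify both
    'saml20.sign.assertion' => true,
    'authproc' => array(
        // Build the NameID from uid rather than leaking a DN or e-mail by accident.
        10 => array(
            'class'     => 'saml:AttributeNameID',
            'attribute' => 'uid',
            'Format'    => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
        ),
        // Release only the attributes each SP lists in its remote metadata.
        50 => 'core:AttributeLimit',
    ),
);

// ===== file: metadata/saml20-sp-remote.php =====
// Entity ID must equal the issuer name configured in the NetScaler samlAction (assumed value).
$metadata['https://aaavip.testlab.com'] = array(
    'AssertionConsumerService' => 'https://aaavip.testlab.com/cgi/samlauth',  // assumed AAA vserver ACS endpoint
    'NameIDFormat'             => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
    'attributes'               => array('uid', 'mail'),    // consumed by core:AttributeLimit above
);
```

Once the files are in place, the IdP metadata the NetScaler SAML action needs (entity ID, SSO URL and signing certificate) is served at https://saml.testlab.com/simplesamlphp/saml2/idp/metadata.php; any SP whose entity ID is not listed in saml20-sp-remote.php is rejected, which is the check to look for in the SimpleSAMLphp log when the NetScaler redirect fails.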

NetScaler as IDP

This section is under construction.


Troubleshooting

  • For NetScaler (raise syslog verbosity on the NetScaler CLI while debugging the SAML flow; lower it again afterwards):
> set syslogParams -logLevel ALL


