This article describes how to configure AD FS on Windows Server 2012 as a SAML identity provider for a NetScaler appliance, which acts as the SAML service provider.
To configure AD FS on Windows Server 2012 for use with a NetScaler appliance, complete the following steps:
Launch AD FS Management and select Add Relying Party Trust.
Because NetScaler does not generate a metadata file, choose the Enter data about the relying party manually option.
On the Choose Profile page, select AD FS profile.
NetScaler does not support encrypted SAML assertions, so leave the Configure Certificate page (the token encryption certificate) empty and click Next.
Select Enable support for the SAML 2.0 WebSSO protocol.
Enter the URL built from the NetScaler authentication virtual server FQDN: https://<Netscaler.vserver.com>/cgi/samlauth.
This URL is the Assertion Consumer Service (ACS) URL on NetScaler. The /cgi/samlauth path is fixed, and NetScaler expects AD FS to POST the SAML response to this URL.
Configure the relying party trust identifier. This value must match the SAML issuer name configured in the SAML authentication action on NetScaler, because AD FS uses the Issuer element of the incoming AuthnRequest to locate the trust.
Choose the Permit all users to access this relying party option for the issuance authorization rules.
Review the settings and close the Add Relying Party Trust wizard.
After the relying party trust is added, claim rules can be added as shown in the following screenshots. At a minimum, add an issuance transform rule that sends the user's identity (for example the Active Directory UPN or sAMAccountName) as the Name ID claim, because NetScaler takes the user name from the Name ID of the assertion by default.
To configure the signing certificate, go to Relying Party Trust > Properties > Signature tab and add the certificate that NetScaler uses to sign its SAML authentication requests (the signing certificate bound to the SAML action on NetScaler). AD FS uses this public key to verify the signature on each AuthnRequest.
Note: If the signing certificate has a key size smaller than 2048 bits, AD FS shows a warning. The warning can be dismissed and the trust still works, but a 2048-bit or larger key is recommended.
If the deployment is a test environment, disable the signing certificate revocation check on the relying party trust. Otherwise, AD FS fetches the CRL from the distribution point listed in the signing certificate to validate it, and if that CRL is unreachable (a self-signed or lab certificate usually has none), AD FS rejects the signed request. Do not disable the check in production; make sure the CRL is reachable from the AD FS server instead.
PS C:\Users\Administrator> Set-ADFSRelyingPartyTrust -SigningCertificateRevocationCheck None -TargetName Netscaler
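The whole procedure, scripted end to end with the AD FS PowerShell cmdlets, as an added example that is not part of the original article. The trust name NetScaler, the FQDN netscaler.example.com, the certificate path and the claim rules are assumptions standing in for your own values; the identifier must equal the samlIssuerName set on the NetScaler SAML action, and the revocation check is set to None only while the $testLab flag is on.

```powershell
# Added example (not from the original article): create the NetScaler relying
# party trust with the AD FS cmdlets instead of the wizard. All names, the FQDN,
# the certificate path and the claim rules are assumptions; adjust to your deployment.
# Run in an elevated PowerShell session on the AD FS server.
Import-Module ADFS

# Assumed values
$trustName  = "NetScaler"
$nsFqdn     = "netscaler.example.com"
$identifier = "https://$nsFqdn"                      # must equal samlIssuerName in the NetScaler SAML action
$acsUrl     = "https://$nsFqdn/cgi/samlauth"         # fixed ACS path on NetScaler
$certPath   = "C:\certs\netscaler-saml-signing.cer"  # public cert of the NetScaler SAML signing key
$testLab    = $true                                  # $false in production

# Certificate NetScaler uses to sign its AuthnRequests (public key only, so a .cer is enough)
$signingCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certPath
if ($signingCert.PublicKey.Key.KeySize -lt 2048) {
    Write-Warning "Signing key is $($signingCert.PublicKey.Key.KeySize) bits; AD FS will warn, 2048 or more is recommended."
}

# SAML endpoint: AD FS POSTs the SAML response to the NetScaler ACS URL
$acs = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer -Uri $acsUrl -Index 0 -IsDefault $true

# Issuance authorization: the "Permit all users to access this relying party" option
$authzRules = @'
@RuleTemplate = "AllowAllAuthzRule"
=> issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Issuance transform: read the AD userPrincipalName, then send it as Name ID,
# which NetScaler uses as the user name by default
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "AD UPN"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";userPrincipalName;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "UPN to Name ID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
'@

# Revocation check on the request signing certificate: None only in a lab where the
# certificate has no reachable CRL; full chain check otherwise
$revocation = if ($testLab) { "None" } else { "CheckChainExcludeRoot" }

# No -EncryptionCertificate is supplied, so AD FS sends the assertion unencrypted,
# which is what NetScaler expects (the Configure Certificate page left empty above).
Add-AdfsRelyingPartyTrust -Name $trustName `
    -Identifier $identifier `
    -ProtocolProfile SAML `
    -SamlEndpoint $acs `
    -RequestSigningCertificate $signingCert `
    -SignedSamlRequestsRequired $true `
    -SigningCertificateRevocationCheck $revocation `
    -IssuanceAuthorizationRules $authzRules `
    -IssuanceTransformRules $transformRules

# Verify what AD FS stored for the trust
Get-AdfsRelyingPartyTrust -Name $trustName |
    Select-Object Name, Identifier, ProtocolProfile, SignedSamlRequestsRequired, SigningCertificateRevocationCheck,
        @{ n = "ACS";                   e = { $_.SamlEndpoints | ForEach-Object { $_.Location } } },
        @{ n = "ReqSigningThumbprint";  e = { $_.RequestSigningCertificate | ForEach-Object { $_.Thumbprint } } }

# When the lab certificate is replaced by one with a reachable CRL, turn the check back on:
# Set-AdfsRelyingPartyTrust -TargetName $trustName -SigningCertificateRevocationCheck CheckChainExcludeRoot
```

-SignedSamlRequestsRequired $true makes AD FS reject any AuthnRequest that is not signed with the uploaded certificate, which is the point of registering the NetScaler signing certificate in the first place; leave it off only if the SAML action on NetScaler has no signing certificate bound.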