How to configure SSO (Single Sign-On) between Citrix ADC acting as ADFS Proxy Server and Backend ADFS Server


Article ID: CTX316339


Description

Single sign-on (SSO) between a Citrix ADC acting as the ADFS proxy server and the backend ADFS server can be achieved with the Traffic SSO policy configuration below.


Instructions

Configure the following Traffic SSO actions and policies, and bind the policies to the ADFS LB vServer:
  1. add tm formSSOAction AAA-TFSSO-EXT_ADFS -actionURL "/adfs/ls" -userField UserName -passwdField Password -ssoSuccessRule true -nameValuePair "AuthMethod=FormsAuthentication" -responsesize 15000 -submitMethod POST
  2. add tm trafficAction AAA-TPF-EXT_ADFS_LOGOUT -appTimeout 1 -persistentCookie OFF -InitiateLogout ON -kcdAccount NONE
  3. add tm trafficAction AAA-TPF-EXT_ADFS_LOGIN -appTimeout 1 -SSO ON -formSSOAction AAA-TFSSO-EXT_ADFS -persistentCookie ON -InitiateLogout OFF -kcdAccount NONE
  4. add tm trafficPolicy AAA-TPL-EXT_ADFS_LOGOUT "HTTP.REQ.URL.TO_LOWER.STARTSWITH(\"/adfs/ls\") && HTTP.REQ.URL.QUERY.VALUE(\"wa\").EQ(\"wsignout1.0\")" AAA-TPF-EXT_ADFS_LOGOUT
  5. add tm trafficPolicy AAA-TPL-EXT_ADFS_LOGIN "HTTP.REQ.URL.TO_LOWER.STARTSWITH(\"/adfs/ls\") && HTTP.REQ.URL.QUERY.VALUE(\"wa\").EQ(\"wsignin1.0\")" AAA-TPF-EXT_ADFS_LOGIN
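
The following is an added example, not part of the original article or Citrix code: a small Python check that reads ns.conf text and reports traffic policies that are not bound to an LB vServer, or that point at an action that is not defined. The vServer name LB-VS-ADFS, the bind line and its priority are constructed for illustration.

```python
import shlex

# Constructed ns.conf excerpt: the article's five commands plus one bind line.
# LB-VS-ADFS is a hypothetical vServer name; the logout policy is left unbound
# on purpose so the audit has something to report.
SAMPLE_CONF = r'''
add tm formSSOAction AAA-TFSSO-EXT_ADFS -actionURL "/adfs/ls" -userField UserName -passwdField Password -ssoSuccessRule true -nameValuePair "AuthMethod=FormsAuthentication" -responsesize 15000 -submitMethod POST
add tm trafficAction AAA-TPF-EXT_ADFS_LOGOUT -appTimeout 1 -persistentCookie OFF -InitiateLogout ON -kcdAccount NONE
add tm trafficAction AAA-TPF-EXT_ADFS_LOGIN -appTimeout 1 -SSO ON -formSSOAction AAA-TFSSO-EXT_ADFS -persistentCookie ON -InitiateLogout OFF -kcdAccount NONE
add tm trafficPolicy AAA-TPL-EXT_ADFS_LOGOUT "HTTP.REQ.URL.TO_LOWER.STARTSWITH(\"/adfs/ls\") && HTTP.REQ.URL.QUERY.VALUE(\"wa\").EQ(\"wsignout1.0\")" AAA-TPF-EXT_ADFS_LOGOUT
add tm trafficPolicy AAA-TPL-EXT_ADFS_LOGIN "HTTP.REQ.URL.TO_LOWER.STARTSWITH(\"/adfs/ls\") && HTTP.REQ.URL.QUERY.VALUE(\"wa\").EQ(\"wsignin1.0\")" AAA-TPF-EXT_ADFS_LOGIN
bind lb vserver LB-VS-ADFS -policyName AAA-TPL-EXT_ADFS_LOGIN -priority 100
'''


def option(tokens, name):
    """Return the value that follows -name (keyword match ignores case)."""
    for i, tok in enumerate(tokens[:-1]):
        if tok.lower() == "-" + name.lower():
            return tokens[i + 1]
    return None


def audit(conf):
    """List broken references and unbound traffic policies in ns.conf text."""
    form_actions, traffic_actions, policies, bound = set(), {}, {}, set()
    for line in conf.splitlines():
        t = shlex.split(line)  # handles the \"-escaped policy expressions
        head = [x.lower() for x in t[:3]]
        if head == ["add", "tm", "formssoaction"]:
            form_actions.add(t[3])
        elif head == ["add", "tm", "trafficaction"]:
            traffic_actions[t[3]] = option(t, "formSSOAction")
        elif head == ["add", "tm", "trafficpolicy"]:
            policies[t[3]] = t[5]  # tokens: name, rule, action
        elif head == ["bind", "lb", "vserver"]:
            bound.add(option(t, "policyName"))
    findings = []
    for pol, act in policies.items():
        if act not in traffic_actions:
            findings.append(f"{pol}: traffic action {act} is not defined")
        if pol not in bound:
            findings.append(f"{pol}: not bound to any LB vServer")
    for act, form in traffic_actions.items():
        if form and form not in form_actions:
            findings.append(f"{act}: form SSO action {form} is not defined")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

On the constructed sample it reports the logout policy as unbound; an unbound logout policy means the InitiateLogout action never runs for wsignout1.0 requests.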