This article describes how to use the authentication feature of a NetScaler appliance with a Load Balancing or Content Switching virtual server on the appliance.
To complete this task, the NetScaler appliance must be licensed for the Load Balancing, Content Switching, and Authentication, Authorization, and Auditing (AAA - Application Traffic) features.
To use the authentication feature of a NetScaler appliance with a Load Balancing or Content Switching virtual server on the appliance, complete the following procedure:
If not already done, right-click the Load Balancing node under Traffic Management and enable the Load Balancing feature. Then enable the Content Switching feature, which is located directly below the Load Balancing node.
If not already done, right-click the AAA – Application Traffic node under Security and enable the feature, as shown in the following screen shot:
Create an AAA virtual server and bind a certificate to it.
Create an authentication policy and bind it to the AAA virtual server.
Create an AAA policy and bind it to the AAA virtual server.
Create a Load Balancing virtual server.
Ensure that the Load Balancing virtual server works correctly without authentication.
Expand the Authentication tab on the right side of the Load Balancing virtual server.
Select the Form Based Authentication option and specify the Authentication FQDN, as shown in the following screen shot:
Create DNS A records for the authentication FQDN you have specified for the virtual server.
The IP address specified for the DNS A records should be that of the AAA virtual server.
Note: If you access the Load Balancing virtual server from a Web browser and an HTTP 500 error message appears, there might be an issue with the certificate you have bound to the AAA virtual server. In that case, perform the following troubleshooting steps:
Ensure that the URL of the Load Balancing virtual server you access is the FQDN of the site and not the IP address.
Verify that the NetScaler appliance can resolve the Authentication FQDN correctly. The FQDN should be the same as that in the certificate.
Verify that the domain name is configured correctly. The domain name is usually different from the certificate name.
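The troubleshooting checks above can be scripted. The following is an added example, not Citrix code: it reports whether the Load Balancing URL uses an IP address, whether the Authentication FQDN resolves to the AAA virtual server address, and whether the bound certificate covers that FQDN. The function names, the sample host names, and the addresses are assumptions; the certificate is passed as a dictionary shaped like the output of Python's `ssl.SSLSocket.getpeercert()`, and the default resolver runs on the workstation, not on the appliance.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def name_matches(pattern, fqdn):
    """Compare a certificate DNS name to an FQDN; '*' may replace the leftmost label only."""
    p = pattern.lower().rstrip(".").split(".")
    f = fqdn.lower().rstrip(".").split(".")
    return len(p) == len(f) and p[1:] == f[1:] and p[0] in ("*", f[0])

def cert_dns_names(cert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert(); CN only if no SAN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return sans or [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def system_resolve(name):
    """Resolve from this host; the appliance's own resolver may answer differently."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, 443)}
    except socket.gaierror:
        return set()

def check_auth_setup(lb_url, auth_fqdn, aaa_vip, cert, resolve=system_resolve):
    """Return a list of findings; an empty list means all three checks passed."""
    findings = []
    if is_ip(urlsplit(lb_url).hostname or ""):
        findings.append("LB virtual server URL uses an IP address instead of the site FQDN")
    addrs = resolve(auth_fqdn)
    if aaa_vip not in addrs:
        findings.append(f"{auth_fqdn} resolves to {sorted(addrs)}, not the AAA virtual server {aaa_vip}")
    if not any(name_matches(n, auth_fqdn) for n in cert_dns_names(cert)):
        findings.append(f"certificate names {cert_dns_names(cert)} do not cover {auth_fqdn}")
    return findings

if __name__ == "__main__":
    # Constructed sample values (documentation address range, example.com names).
    cert = {"subject": ((("commonName", "aaa.example.net"),),)}
    for line in check_auth_setup("https://192.0.2.20/", "auth.example.com",
                                 "192.0.2.10", cert, resolve=lambda n: {"192.0.2.99"}):
        print("FAIL:", line)
```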