compdigit44
asked on
Netscaler 10 Load Balanced vServe w/ AAA Double Login Prompt
I have setup a Load Balanced vserver to use AAA for authentication. When I type in the FQDN of my vserver I get the login page for the AAA server which is great. I login and then get another Windows login prompt to connect to my backend SharePoint server. After I login I can access the site without issue. I am using cookie insert with a 0 timeout value for persistent.
Any thoughts or suggestions?
Any thoughts or suggestions?
ASKER
Thanks for the great articles. We are not using FBA and am still trying to understand the articles and trying to understand what I need to change to all the netscaler to pass the credential to the back end web server
ASKER
It sounds like I need a traffic policy but since we are not using FBA not sure what to put in for the reference URL..
I am still learn the Netscaler so please be patient with me.
I am still learn the Netscaler so please be patient with me.
the first article don't use Form based authentication to the backend. the config example is for NTLM.
which part of the configuration a problem for you?
which part of the configuration a problem for you?
ASKER
I am still learning the Netscaler so please bare with me..
In the GUI I am confused what I need to configure for the traffic policy. I tried to match up the setting with a traffic policy and profile then applied it to my load balanced vserver but it did not work
Traffic Management Policy
add tm sessionAction prof_session_sharepoint_au
add tm sessionPolicy vs_auth_sharepoint Netscaler_true prof_session_sharepoint_au
The Traffic Management Policy enabled the Single Sign On feature.
In the GUI I am confused what I need to configure for the traffic policy. I tried to match up the setting with a traffic policy and profile then applied it to my load balanced vserver but it did not work
Traffic Management Policy
add tm sessionAction prof_session_sharepoint_au
add tm sessionPolicy vs_auth_sharepoint Netscaler_true prof_session_sharepoint_au
The Traffic Management Policy enabled the Single Sign On feature.
ASKER
I tried creating another session policy with the default of allow and enabled SSO... and got the same result
Now one thing is my authencating domain field I left blank on my AAA vserver. My external domain is company.com but my internal domain which user authenticate against is internal.company.com.
Thoughts????
Now one thing is my authencating domain field I left blank on my AAA vserver. My external domain is company.com but my internal domain which user authenticate against is internal.company.com.
Thoughts????
do you create "Authentication vServer" and bind the traffic management policy?
"bind authentication vserver vs_auth -policy vs_auth_sharepoint -priority 100"
here you have to config your internal authentication domain, not the FQDN from the webpage:
add authentication vserver vs_auth SSL 10.9.6.254 443 -AuthenticationDomain internal.company.com
sorry, would suggest to check the resulting config from CLI and add new lines from CLI also.
I am unsuccessful from GUI sometimes.
"bind authentication vserver vs_auth -policy vs_auth_sharepoint -priority 100"
here you have to config your internal authentication domain, not the FQDN from the webpage:
add authentication vserver vs_auth SSL 10.9.6.254 443 -AuthenticationDomain internal.company.com
sorry, would suggest to check the resulting config from CLI and add new lines from CLI also.
I am unsuccessful from GUI sometimes.
ASKER
still a bit confused doing it via the command line... how can I do this via the GUI
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks that was a huge help.. I made a mistake originally on step 5
Case Study: Using AAA Virtual Server to Remove Multiple Authentication Prompts for Web Application
http://support.citrix.com/article/CTX131684
and if you used Form Based authentication at Sharepoint:
How to Configure NetScaler Gateway for Single Sign-On to a Web Form
http://support.citrix.com/article/CTX124794