Versions Compared

Old Version 1

changes.mady.by.user Georg Johansen

Saved on

compared with

New Version Current

changes.mady.by.user Lise Kristoffersen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.



Column
width62%

Requirements

Citrix ADC Advanced License with AAA feature. Minimum ADC version 11.


Prerequesites

  • Citrix Gateway virtual server configured and ready to add Buypass Code OpenID Connect authentication. This Gateway must be configured for browser based access e.g. Reciever for Web use.
  • For use with Citrix Virtual Apps / Dekstops it is required to have Citrix Federated Authentication Service (FAS) installed.
  • OpenID Connect configuration acquired from Buypass.
  • The user's mobile phone number is used for user account mapping in the local AD. The example in this guide requires that the user's mobile phone number is stored in the AD attribute 'mobile'.


Configuration

Open the configuration page for the gateway to be secured with OpenID Connect.
Choose Authentication Profile and create a new profile with the ADD (+) button.


Give the Authentication Profile a name. Press ADD (+) to create an Authentication Virtual Server.
Configure the Basic Settings. If the Authentication Virtual Server should not reachable externally to the Citrix ADC the IP Address Type can be set to Non Addressable.


Press No Authentication Policy.


Press ADD (+) on Select Policy to create an Authentication Policy

Give the Authentication Policy a name. Choose Action Type to OAUTH. Set Expression to true.

Press ADD (+) on Action to create a new OAUTH Authentication Action.

Configure the OAUTH Server according to the OpenID Connect configuration recieved from Buypass.

Press Create and press Bind.


Add Authorization of users through LDAP. This is achieved through Citrix ADC Next Factor.
Open the newly created Authentication Policy. Press Edit Binding.

Press ADD (+) on Select Next Factor to create the next Factor.

Give the Authentication PolicyLabel a name. Since the LDAP authorization will be performed without GUI, Login Schema can be kept as LSCHEMA_INT. Press Continue.

Press ADD (+) on Select Policy


Give the Authentication Policy a name. Choose Action Type LDAP. Set Expression to true. Press ADD (+) on Action to create an LDAP action.

Below us an example configuration for the LDAP server.

The Authentication check-mark is not chosen since the LDAP action is only going to find the user account which has the matching mobile number attribute in AD.
userPrincipalName is used for SSO attribute to e.g. Storefront.
Press Bind, Create, OK and Done until you reach the Gateway configuration GUI again.



Column
width2%


Column
width26%


Div
classright-navigation

Innhold  

Page Tree
root@parent
startDepth2
Include Page
INCLIB:_right_navigation_styleINCLIB:_right_navigation_style




Column
width10%


Section


INCLIB:_bottom_bar 

Column
width62%

Include Page
INCLIB:_bottom_bar


Column
width2%


Column
width26%
 


Column
width10%
Include PageINCLIB:_navigation_buttons_styleINCLIB:_navigation_buttons_style Include PageINCLIB:doc_center_styleINCLIB:doc_center_style  Include PageINCLIB:_template_styleINCLIB:_template_style