- Mastering NetScaler VPX™
- Rick Roetenberg, Marius Sandbu
- 2021-07-30 10:29:25
Configuring NetScaler™ AAA
To allow extra security with authentication on the load balancing features, we should use the Citrix NetScaler AAA feature. With the following steps, we can secure a load balancing virtual server with two-factor authentication based on Web Form authentication:
1. Go to Security | AAA - Application Traffic | Policies | Sessions | Session Profiles, and click on Add. Fill in the correct information based on the following explanation:
   - Name: Select a descriptive name that corresponds to the AAA Session Profile, for example, AAA-Pro-Session.
   - Session Time-out (mins): The timeout before Citrix NetScaler kills the session.
   - Default Authorization Action: This can be ALLOW or DENY. Select ALLOW.
   - Single Sign-on to Web Applications: Enable this if you want SSON in the backend.
   - Credential Index: Use the primary or secondary authentication policy for SSON.
   - Single Sign-on Domain: This will be the internal domain name from the AD or NDS.
   - HTTPOnly Cookie: Allow only an HTTP session cookie, in which case the cookie cannot be accessed by scripts.
   - Enable Persistent Cookie: You can enable or disable persistent SSO cookies for the traffic management (TM) session. A persistent cookie remains on the user device and is sent with each HTTP request.
   - Persistent Cookie Validity: This is an integer specifying the number of minutes for which the persistent cookie remains valid.
   - KCD Account: The Kerberos constrained delegation account name, used with Kerberos authentication.
   - Home Page: This is the web address of the home page that is displayed to a user when the authentication vserver is bookmarked and used to log in.
2. Go to Security | AAA - Application Traffic | Policies | Sessions | Session Policies, and click on Add:
   - Name: Select a descriptive name that corresponds to the AAA Session Policy, for example, AAA-Pol-Session.
   - Request Profile: Select the profile created in step 1.
   - Expression: You can bind an expression. In this case, we use ns_true.
3. Go to Security | AAA - Application Traffic | Virtual Servers, and click on Add. Fill in the correct information based on this explanation:
   - Name: Again, select a descriptive name that corresponds to the AAA virtual server, for example, AAA-Srv-TwoFactor.
   - IP Address Type: Select IP address, or non addressable if you want to use the content switching method.
   - Port: This is the AAA virtual server port. The default is 443.
   - Authentication Domain: This would be the domain from the public site, for example, contoso.com.
4. Bind the certificate.
5. Bind the session policy created in step 2.
6. Bind the Basic Authentication Policies: add LDAP as Primary and RADIUS as Secondary. Click on Continue.
7. Go to Security | AAA - Application Traffic | Authentication Profile, and click on Add. Fill in the correct information based on the explanations given here:
   - Name: Select a descriptive name that corresponds to the AAA virtual server, for example, AAA-AuthPol-TwoFactor.
   - Authentication Host: This would be the FQDN to which the NetScaler AAA virtual server responds, for example, twofactor.contoso.com.
   - Choose Authentication Virtual Server Type: Choose Authentication Virtual Server.
   - Authentication Virtual Server: Select the Authentication Virtual Server created in step 3.
   - Authentication Domain: This would be the domain from the public site, for example, contoso.com.
   - Authentication Level: Fill in the value as 1 if you are using one authentication method, and 2 if you are using two-factor authentication.
8. Open the Load Balancing Virtual Server that you want to protect. Add the Authentication from the right-hand side of the page.
9. Select Form Based Authentication or 401 Based Authentication. In this case, we're using Form Based Authentication, because we wish to use two-factor authentication:
   - Authentication FQDN: This is the FQDN of the NetScaler AAA virtual server, for example, twofactor.contoso.com.
   - Choose Authentication Virtual Server Type: Choose Authentication Virtual Server.
   - Authentication Virtual Server: Select the Authentication Virtual Server created in step 3.
   - Authentication Profile: Select the Authentication Policy created in step 7.
10. Now your Load Balancing Virtual Server is protected with the NetScaler AAA security.
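
A check for the result of the steps above, as an added example that is not from the book or from Citrix: it parses saved-configuration lines and reports load balancing virtual servers without authentication, an authentication virtual server missing one of its two factors, and a session profile with the HTTPOnly cookie turned off. The sample lines, the names LB-Intranet, LB-Legacy, LDAP-Pol and RADIUS-Pol, the addresses, and the flag spellings are assumptions.

```python
import shlex

# Constructed sample lines (not from a real appliance). Flag spellings are assumed
# to match the NetScaler saved-config (ns.conf) syntax; check them on your build.
SAMPLE_CONF = """\
add tm sessionAction AAA-Pro-Session -sessTimeout 30 -defaultAuthorizationAction ALLOW -httpOnlyCookie NO
add tm sessionPolicy AAA-Pol-Session ns_true AAA-Pro-Session
add authentication vserver AAA-Srv-TwoFactor SSL 192.0.2.10 443 -AuthenticationDomain contoso.com
add authentication authnProfile AAA-AuthPol-TwoFactor -authnVsName AAA-Srv-TwoFactor -AuthenticationHost twofactor.contoso.com -AuthenticationLevel 2
add lb vserver LB-Intranet SSL 192.0.2.20 443 -Authentication ON -authnProfile AAA-AuthPol-TwoFactor
add lb vserver LB-Legacy HTTP 192.0.2.21 80
bind authentication vserver AAA-Srv-TwoFactor -policy AAA-Pol-Session -priority 100
bind authentication vserver AAA-Srv-TwoFactor -policy LDAP-Pol -priority 100
"""

def parse(conf):
    """Yield (verb, object type, name, flags) for each add/set/bind line."""
    for line in conf.splitlines():
        t = shlex.split(line)
        if len(t) < 4 or t[0] not in ("add", "set", "bind"):
            continue
        flags, i = {}, 4
        while i < len(t):
            is_flag = t[i].startswith("-")
            has_val = i + 1 < len(t) and not t[i + 1].startswith("-")
            if is_flag:  # value-less switches such as -secondary map to "YES"
                flags[t[i].lower()] = t[i + 1] if has_val else "YES"
            i += 2 if is_flag and has_val else 1
        yield t[0], " ".join(t[1:3]).lower(), t[3], flags

def audit(conf):
    """Return (object, problem) pairs for the settings configured in the steps above."""
    rows, objs, factors, findings = list(parse(conf)), {}, {}, []
    session_pols = {n for _, typ, n, _ in rows if typ == "tm sessionpolicy"}
    for verb, typ, name, flags in rows:
        if verb != "bind":
            objs.setdefault((typ, name), {}).update(flags)  # merge add + set lines
        elif typ == "authentication vserver" and flags.get("-policy", "") not in session_pols | {""}:
            factors.setdefault(name, set()).add("secondary" if "-secondary" in flags else "primary")
    for (typ, name), f in objs.items():
        if typ == "tm sessionaction" and f.get("-httponlycookie", "").upper() == "NO":
            findings.append((name, "HTTPOnly cookie disabled"))
        elif typ == "lb vserver" and f.get("-authentication", "").upper() != "ON":
            findings.append((name, "authentication not enabled"))
        elif typ == "lb vserver":
            prof = objs.get(("authentication authnprofile", f.get("-authnprofile")), {})
            vs = prof.get("-authnvsname") or f.get("-authnvsname")
            if ("authentication vserver", vs) not in objs:
                findings.append((name, "authentication vserver not found"))
            elif factors.get(vs) != {"primary", "secondary"}:
                findings.append((name, f"{vs} lacks a primary or secondary factor"))
    return findings
```

Calling `audit(SAMPLE_CONF)` returns one finding for the session profile, one for LB-Intranet (only the LDAP factor is bound) and one for LB-Legacy (no authentication at all).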