Citrix ADC Integration Guide

Creating a single sign-on connection

To allow PingFederate to handle single sign-on (SSO) to Citrix, create a service provider (SP) connection.

Steps

  1. In the PingFederate administrator console, create a new SP connection:

    Choose from:

    • For PingFederate 10.1 or later: go to Applications > Integration > SP Connections. Click Create Connection.

    • For PingFederate 10.0 or earlier: go to Identity Provider > SP Connections. Click Create Connection.

  2. If you see the Connection Template tab, select Do not use a template for this connection. Click Next.

  3. On the Connection Type tab, select only Browser SSO Profiles. Click Next.

  4. On the Connection Options tab, select only Browser SSO. Click Next.

  5. On the Import Metadata tab, select None. Click Next.

  6. On the General Info tab, enter the basic connection information. Click Next.

    1. In the Partner’s Entity ID field, enter the Issuer Name that you chose in Creating an authentication server in Citrix.

    2. In the Connection Name field, enter the connection ID portion of the Redirect URL that you entered in Creating an authentication server in Citrix.

    3. In the Base URL field, enter the base URL for your Citrix Gateway server.

  7. On the Browser SSO tab, configure browser SSO. Click Next.

    Learn more in Configure IdP Browser SSO in the PingFederate documentation.

    1. On the Browser SSO > SAML Profiles tab, select IdP-Initiated SSO and SP-Initiated SSO. Click Next.

    2. On the Browser SSO > Assertion Creation > Authentication Source Mapping tab, complete the steps in Configuring an adapter instance. Click Next.

    3. On the Browser SSO > Protocol Settings > Assertion Consumer Service tab, in the Binding list, select POST.

    4. In the Endpoint URL field, enter /cgi/samlauth, and then click Add. Click Next.

    5. On the Browser SSO > Protocol Settings > Allowable SAML Bindings tab, select only POST. Click Next.

  8. On the Credentials tab, configure the connection credentials as shown in Configuring credentials in the PingFederate documentation. Click Next.

  9. On the Activation and Summary tab, above the Summary section, click the toggle to turn on the connection. Click Save.

  10. Note the SSO Application Endpoint URL. Click Save.

    The SSO Application Endpoint URL should match the Redirect URL that you entered in Creating an authentication server in Citrix. If it doesn’t, update the URL in Citrix ADC.

  11. To test the integration, make sure your test credentials exist in both the PingFederate data store and Citrix, then go to your Citrix ADC URL in a browser and sign on.
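A diagnostic for the test in step 11, as an added example that is not part of the original guide or of any PingFederate or Citrix code: it decodes a `SAMLResponse` form value captured from your own test sign-on and checks that `Destination` and `Recipient` equal the Base URL plus `/cgi/samlauth` (steps 6 and 7) and that the `Audience` is the Partner's Entity ID. The function name, host name and entity ID are constructed assumptions, and the check does not verify the XML signature.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACS_PATH = "/cgi/samlauth"  # Endpoint URL entered in step 7


def check_saml_response(b64_response, base_url, partner_entity_id):
    """Return a list of mismatches between a POST-binding SAMLResponse and
    the connection settings; an empty list means the values line up.
    Diagnostic only (hypothetical helper): no signature verification."""
    # Only feed this a response captured from your own test sign-on.
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []

    expected_acs = base_url.rstrip("/") + ACS_PATH
    if urlsplit(expected_acs).scheme != "https":
        problems.append("Base URL is not https")
    destination = root.get("Destination")
    if destination != expected_acs:
        problems.append(f"Destination {destination!r} != {expected_acs!r}")

    audiences = [a.text.strip() for a in root.iterfind(
        ".//saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if partner_entity_id not in audiences:
        problems.append(f"Audience {audiences} lacks {partner_entity_id!r}")

    recipients = [c.get("Recipient") for c in root.iterfind(
        ".//saml:SubjectConfirmationData", NS)]
    if expected_acs not in recipients:
        problems.append(f"Recipient {recipients} lacks {expected_acs!r}")
    return problems


# Constructed sample values (not from the guide).
BASE_URL = "https://gateway.example.com"
ENTITY_ID = "citrix-sp-example"
SAMPLE_XML = f"""<samlp:Response xmlns:samlp="{NS['samlp']}"
  xmlns:saml="{NS['saml']}" Destination="{BASE_URL}{ACS_PATH}">
 <saml:Assertion><saml:Subject><saml:SubjectConfirmation>
   <saml:SubjectConfirmationData Recipient="{BASE_URL}{ACS_PATH}"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>{ENTITY_ID}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions></saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    print(check_saml_response(SAMPLE_B64, BASE_URL, ENTITY_ID) or "OK")
```

A non-empty result usually points to a Base URL or Partner's Entity ID in PingFederate that differs from what was entered on the Citrix side.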