Creating an authentication server in Citrix
To allow PingFederate to handle authentication requests, add your PingFederate signing certificate and sign-on URL.
Steps
- In Citrix ADC, complete the steps in Enabling authentication, authorization, and auditing in the Citrix documentation.
- Go to Configuration → Authentication → Dashboard. Click Add.
- In the Create Authentication Server window, from the Choose Server Type list, select SAML.
- In the Name field, enter a name to represent your PingFederate server, such as PF_Auth_Server.
- Clear the Import Metadata check box.
- In the Redirect URL field, enter the following PingFederate sign-on URL. Substitute your hostname and port, and choose a connection ID.
  https://pf_host:pf_port/idp/startSSO.ping?PartnerSpId=connectionID
  You will use the connection ID again in Creating a single sign-on connection.
- From the SAML Binding and Logout Binding lists, select POST.
- Add your PingFederate signing certificate.
  - Under IDP Certificate Name, click Add.
  - In the Certificate-Key Pair Name field, enter a name, such as PF_Certificate.
  - In the Certificate File Name section, upload the certificate that you saved in Exporting your PingFederate signing certificate. Click Install.
- In the Issuer Name field, enter a name to represent Citrix, such as CitrixSAML.
- From the Reject Unsigned Assertion list, select OFF. Click More.
- In the Signature Algorithm section, click RSA-SHA256.
- In the Digest Method section, click SHA256. Click Create.
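
Once the server is created, the saved configuration can be compared with the values chosen in these steps. The following is an added example, not part of the Ping Identity or Citrix documentation: it parses an `add authentication samlAction` line from the ADC configuration and lists every difference from this procedure. It assumes the CLI parameter names shown correspond to the GUI fields above; the hostname, port, connection ID and sample lines are constructed.

```python
import shlex
from urllib.parse import urlsplit, parse_qs

# Values chosen in the steps above, keyed by the CLI parameter assumed to back each GUI field.
EXPECTED = {"samlBinding": "POST", "logoutBinding": "POST",
            "samlRejectUnsignedAssertion": "OFF",
            "signatureAlg": "RSA-SHA256", "digestMethod": "SHA256"}
REQUIRED = ("samlIdPCertName", "samlIssuerName", "samlRedirectUrl")

def parse_saml_action(line):
    """Return (name, {lower-cased parameter: value}) for one samlAction line."""
    tok = shlex.split(line)  # honours the quotes around the redirect URL
    if len(tok) < 4 or [t.lower() for t in tok[:3]] != ["add", "authentication", "samlaction"]:
        raise ValueError("not an 'add authentication samlAction' line")
    opts = tok[4:]
    if len(opts) % 2 or not all(k.startswith("-") for k in opts[::2]):
        raise ValueError("expected -parameter value pairs")
    return tok[3], {k[1:].lower(): v for k, v in zip(opts[::2], opts[1::2])}

def check_saml_action(line, connection_id):
    """Return a list of differences between the saved action and this procedure."""
    _, params = parse_saml_action(line)
    findings = [f"{k}: missing" for k in REQUIRED if k.lower() not in params]
    for key, want in EXPECTED.items():
        got = params.get(key.lower())
        if got is None:
            findings.append(f"{key}: not set explicitly, appliance default applies")
        elif got.upper() != want:
            findings.append(f"{key}: {got} (procedure uses {want})")
    url = urlsplit(params.get("samlredirecturl", ""))
    if url.scheme != "https":
        findings.append("samlRedirectUrl: scheme is not https")
    if url.path != "/idp/startSSO.ping":
        findings.append("samlRedirectUrl: path is not /idp/startSSO.ping")
    if parse_qs(url.query).get("PartnerSpId") != [connection_id]:
        findings.append("samlRedirectUrl: PartnerSpId does not match the connection ID")
    return findings

# Constructed sample lines, not taken from a real appliance.
GOOD = ('add authentication samlAction PF_Auth_Server -samlIdPCertName PF_Certificate '
        '-samlRedirectUrl "https://pf.example.com:9031/idp/startSSO.ping?PartnerSpId=citrix_adc" '
        '-samlIssuerName CitrixSAML -samlRejectUnsignedAssertion OFF '
        '-signatureAlg RSA-SHA256 -digestMethod SHA256 -samlBinding POST -logoutBinding POST')
DRIFTED = (GOOD.replace("RSA-SHA256", "RSA-SHA1").replace("https://", "http://")
           .replace("-samlBinding POST ", ""))

if __name__ == "__main__":
    for label, line in (("good", GOOD), ("drifted", DRIFTED)):
        print(label, check_saml_action(line, "citrix_adc") or "matches the procedure")
```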