Citrix
In this document, you are going to set up IDmelon as an external IdP for Citrix.
Login to Citrix administration panel
- Click on the “Manage Authentication Methods”
- Click on the “SAML Authentication”
- Click on the “SAML Authentication” option and choose “Service Provider”
- Copy the value of “Service Provider Identifier” field for future use when adding the app into your IDmelon Orchestrate panel.
- Click on the “Browse” button of “Export Encryption Certificate” and save the certificate file with a custom name such as sp_enc.cer.
- Convert the exported certificate file from the binary-encoded cer format to the pem format:
openssl x509 -inform DER -in sp_enc.cer -out sp_enc.pem -outform PEM
The output file will be sp_enc.pem. We will use this file in the IDmelon Orchestrate Panel.
IDmelon SAML configuration
Log in to the IDmelon Orchestrate Panel and navigate to “Simple Sign-on” and then “App Management”. Then click on the “Integrate with a New App” button:
Click on the “Create a custom configuration” button:
Set a custom name “Citrix” and click next.
Fill in all the fields as described in the picture. Set “Entity ID” to the value that you copied as “Service Provider Identifier” in step 4 of the Login to Citrix administration panel section.
Sample Entity ID:
http://srv8431835910.idmelon.ctx/Citrix/Authentication
Sample ACS:
https://srv8431835910.idmelon.ctx/Citrix/Authentication/SamlForms/AssertionConsumerService
Sample Default Relay State:
https://srv8431835910.idmelon.ctx/Citrix/Store
To get the value for the “Assertion Consumer Service” field:
In the Windows PowerShell ISE run this command:
Get-STFStoreService | Out-String -Stream | Select-String "VirtualPath"
Run the commands below, and remember to replace /Citrix/Store with the value you obtained in the previous step.
Get-STFStoreService | Out-String -Stream | Select-String "VirtualPath"
$storeVirtualPath = "/Citrix/Store"
$auth = Get-STFAuthenticationService -Store (Get-STFStoreService -VirtualPath $storeVirtualPath)
$acs = New-Object System.Uri $auth.Routing.HostbaseUrl, ($auth.VirtualPath + "/SamlForms/AssertionConsumerService")
echo $acs
Set the value of “Default Relay State” field based on your $storeVirtualPath value:
Sample: https://srv8431835910.idmelon.ctx/Citrix/Store
For the “Public Certificate” field, click “Upload Certificate File” and select the sp_enc.pem file converted in step 5 of the Login to Citrix administration panel section.
On the next page, define all attributes as shown in the picture and click on the confirm button:
SP variable name     IDP variable name
email                email
username             email
userprincipalname    email
In the IDmelon Panel, from the “Simple Sign-on” menu, navigate to the “App Management” menu and click on the “Edit” icon of the created “Citrix” application:
Copy the value of “Idp Entity ID”. We will use it in the Citrix Panel.
Download the “IdP Signature Certificate” file and convert it to the cer format:
openssl x509 -inform PEM -in cert.pem -outform DER -out idp.cer
The output file will be idp.cer. We will use it in the Citrix Panel.
Back in “Manage Authentication Methods” in the Citrix Panel, click on the “SAML Authentication” option and click on “Identity Provider”.
Set the value of “SAML Binding” to “Redirect”. Set the value of “Address” to the value copied from “Idp Entity ID” in step 9.
Click on the “Import” button and select the idp.cer file that was converted in the “IdP Signature Certificate” section of step 10.
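Before importing idp.cer into Citrix or uploading sp_enc.pem to IDmelon, it is worth confirming that the converted file still holds the same certificate as the original, since the SHA-256 fingerprint is computed over the DER bytes and must be identical in both encodings. The script below is an added example, not part of the original IDmelon or Citrix instructions; the function names and the self-signed certificate used in demo are constructed for illustration.

```shell
# Added example: check that a PEM <-> DER conversion kept the same certificate.

# Print PEM or DER depending on how the file is encoded.
cert_format() {
  if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then echo PEM; else echo DER; fi
}

# Print the SHA-256 fingerprint of a certificate in either encoding.
cert_fp() {
  openssl x509 -inform "$(cert_format "$1")" -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeed only if both files hold the same certificate and it stays valid
# for at least $3 more seconds (default: one day).
same_cert() {
  local a b
  a=$(cert_fp "$1"); b=$(cert_fp "$2")
  [ -n "$a" ] && [ "$a" = "$b" ] || { echo "fingerprint mismatch" >&2; return 1; }
  openssl x509 -inform "$(cert_format "$1")" -in "$1" -noout -checkend "${3:-86400}" >/dev/null
}

# Demo on a constructed self-signed certificate that stands in for the
# downloaded "IdP Signature Certificate" (cert.pem in the steps above).
demo() {
  local d rc=0
  d=$(mktemp -d) || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=constructed-idp" \
    -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null || return 1
  # Same conversion command as in the steps above.
  openssl x509 -inform PEM -in "$d/cert.pem" -outform DER -out "$d/idp.cer" || return 1
  same_cert "$d/cert.pem" "$d/idp.cer" || rc=$?
  echo "cert.pem: $(cert_format "$d/cert.pem")  idp.cer: $(cert_format "$d/idp.cer")  rc=$rc"
  rm -rf "$d"
  return $rc
}
```

On the real files, run same_cert cert.pem idp.cer and same_cert sp_enc.cer sp_enc.pem; a non-zero exit status means the files differ or the certificate expires within a day.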