Everyone has their master IdP (Entra ID, OKTA, Google Identity…) already in place anyways, so what’s all the fuzz about? It might be a bit more useful to walk-through a couple of examples to shed some light on the why. This post will explain three use-cases: One thing in common for all of the use-cases … NetScaler as IdP/SP – why?
This article will be updated if new information is found or something is incorrect. Backgrounds Overview The actual change is described in MS KB5014754. In a nutshell the change enforces strong mapping of certificates to an on-premises AD user object. This change will impact many (government) users that are using smart cards. For many cases … MS Certificate authentication changes
This year has been interesting with many vendors changing their licensing and Cloud Software Group has definitely stirred the pot on their own behalf. From where we’re standing, this also presents a great opportunity to get a lot more out of your investment. Overview So, what actually happened was that recently Cloud Software Group (or … Citrix Licensing changes for NetScaler
Last one (for now); having SSO all the way to the application is critical for users and from security perspective. And most importantly; achievable with NetScaler. Overview In the example the web application acts as an OIDC SP, using NetScaler as an OIDC IdP. NetScaler authentication itself is similar to the previous post, so it’s … Chained federated authentication, NetScaler as SP and IdP
Second one – are you ready? I think this one is a bit more interesting and something you might run in to! Overview In the example the reverse proxy is protected with Microsoft Entra ID authentication capabilities. NetScaler is configured as SAML SP for Microsoft Entra ID and no SSO for the destination web front … Federated authentication, NetScaler as SP
As promised; here’s the first one of the three real-life authentication examples. I will post the next one tomorrow and the final one the day after tomorrow. Overview In this use case the NetScaler acts as a load balancer (aka reverse web proxy) for the web front end servers, but also enables the authenticate, authorize … NetScaler Basic on-prem authentication
Overview Far too often I’m facing an assumption that the NetScaler is “just a load balancer” or the Gateway for Citrix environments. Of course it’s true that NetScaler can do both of the above, but it’s capable of so much more. We here at Comping have been working on various cases around identity and NetScaler … NetScaler Identity handling capabilities
Overview You’ve gotten this far so let me wrap this series up for you. Why – Why someone tries to access the environment? Who – Who should be able to access the environment? Can we authenticate the users or identify them in another way? Where – Where are the users connecting from? From the office … Security basics, part 5 – How?
Overview Glad you’re with us still, this one is a bit shorter. Why – Why someone tries to access the environment? Who – Who should be able to access the environment? Can we authenticate the users or identify them in another way? Where – Where are the users connecting from? From the office network? Some … Security basics, part 4 – When?
Overview Now that we’ve discussed about who, we can move to the next one, which is where? In this post I’m trying to stay more on the conceptual level and bearing in mind that the audience remains the same. Topics Why – Why someone tries to access the environment? Who – Who should be able … Security basics, part 3 – Where?
