You should see the following SAML 2.0 connector information in the administration console:
Creating a new Authentication SAML Policy
In the configuration utility, on the Configuration tab, expand Netscaler Gateway > Policies > Authentication. Click "SAML", and then in the details pane, on the Policies tab, click Add. In the Create Authentication Policy dialog box, in Name, type a name for the policy.
Enter "ns_true" as the expression, since this policy is to be used for all authentication.
Creating a new Authentication SAML Server
Next to Server, click New (+).
In the Name field, enter a name for the new server profile.
Fill in this page with the following information concerning your inWebo service:
In "IDP Certificate Name", select the private key for the certificate you selected in the Prerequisite section above.
The "Issuer Name" is the fully qualified domain name (FQDN) to which users log on, such as lb.example.com or ng.example.com. In "Issuer Name", enter the FQDN of the Virtual Server or its IP address.
Click Create twice to save both configurations.
Binding the Authentication SAML Policy to a Netscaler Gateway Virtual Server
Select the Gateway Virtual Server you want to bind with this Authentication policy.
On the Virtual server Authentication page, select the "Basic Authentication" section and click the Add icon "+".
Select SAML as Policy and click "Continue".
Select the newly created inWebo SAML policy and click "Bind" to apply it to this server.
Constructing the Netscaler SP SAML assertion
SAML assertion sample for a "gateway.netscaler.test" portal:
You have to build this assertion (in SAML terms, the service provider metadata, an EntityDescriptor document) from the following elements of your own Netscaler configuration.
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_724200788f8391f96053f72adc628fecc808d099" entityID="https://gateway.netscaler.test">
Indicate the Virtual server HTTPS address.
<init:RequestInitiator xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Binding="urn:oasis:names:tc:SAML:profiles:SSO:request-init" Location="https://www.myinwebo.com/console/c/XXXX/saml2/XXXX"/>
Complete with your inWebo service Single Sign On URL ("https://www.myinwebo.com/console/c/XXXX/saml2/XXXX").
<ds:KeyName>gateway.netscaler.test</ds:KeyName>
Complete with the Virtual server FQDN.
<ds:X509SubjectName>CN=gateway.forserge.test</ds:X509SubjectName>
Complete with the Virtual server FQDN.
Navigate to Traffic Management > SSL and select "Manage Certificates / Keys / CSRs".
Select the certificate used by your Virtual server.
Select View, then copy the certificate content and paste it under the ds:X509Certificate section of the SAML assertion.
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://gateway.netscaler.test/cgi/samlauth" index="0"/>
Indicate the Virtual server HTTPS address completed with /cgi/samlauth ("https://*****virtual_server*****/cgi/samlauth").
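A consistency check for the elements listed above, run before pasting the document into the inWebo connector. This is an added example, not part of the original guide or of inWebo or Citrix tooling; the function name, the wrapper elements around the fragments and all sample values are assumptions, and the sample is constructed.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "init": "urn:oasis:names:tc:SAML:profiles:SSO:request-init"}

def check_sp_metadata(xml_text):
    """Return the inconsistencies found in hand-assembled Netscaler SP metadata."""
    root = ET.fromstring(xml_text)
    entity_id = root.get("entityID", "")
    host = urlparse(entity_id).hostname
    if not host or not entity_id.startswith("https://"):
        return ["entityID is not the Virtual server HTTPS address"]
    problems = []
    acs = root.find(".//md:AssertionConsumerService", NS)
    loc = urlparse(acs.get("Location", "") if acs is not None else "")
    if (loc.scheme, loc.hostname, loc.path) != ("https", host, "/cgi/samlauth"):
        problems.append("ACS Location is not https://<virtual server>/cgi/samlauth")
    if root.findtext(".//ds:KeyName", "", NS).strip() != host:
        problems.append("KeyName does not match the entityID host")
    subject = root.findtext(".//ds:X509SubjectName", "", NS)
    if f"CN={host}" not in [rdn.strip() for rdn in subject.split(",")]:
        problems.append("X509SubjectName CN does not match the entityID host")
    # Only the base64 body belongs here, not the PEM BEGIN/END lines; a DER
    # certificate (bytes 0x30 0x8x ...) always encodes to text starting "MI".
    cert = "".join(root.findtext(".//ds:X509Certificate", "", NS).split())
    if not re.fullmatch(r"MI[A-Za-z0-9+/]+={0,2}", cert):
        problems.append("X509Certificate is not a bare base64 certificate body")
    sso = root.find(".//init:RequestInitiator", NS)
    url = sso.get("Location", "") if sso is not None else ""
    if not url.startswith("https://") or "XXXX" in url:
        problems.append("RequestInitiator Location is not a completed SSO URL")
    return problems

# Constructed sample (wrapper elements assumed from the SAML metadata schema,
# placeholder certificate); planted mistakes: foreign CN, XXXX left in SSO URL.
XMLNS = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
SAMPLE = f"""<md:EntityDescriptor {XMLNS} entityID="https://gateway.netscaler.test">
<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:Extensions><init:RequestInitiator Binding="{NS['init']}"
  Location="https://www.myinwebo.com/console/c/XXXX/saml2/XXXX"/></md:Extensions>
<md:KeyDescriptor><ds:KeyInfo><ds:KeyName>gateway.netscaler.test</ds:KeyName>
<ds:X509Data><ds:X509SubjectName>CN=gateway.other.test</ds:X509SubjectName>
<ds:X509Certificate>MIIBCg==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
  index="0" Location="https://gateway.netscaler.test/cgi/samlauth"/>
</md:SPSSODescriptor></md:EntityDescriptor>"""
```

An empty list from check_sp_metadata means the entityID, KeyName, X509SubjectName and AssertionConsumerService all name the same Virtual server and the certificate and SSO URL fields are filled in.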
Updating the inWebo SAML connector
In your inWebo service, in the "Secure Sites" tab, select the previously created SAML 2.0 connector.
Edit your SAML connector properties and paste the SAML assertion you have constructed.
In the SAML attributes section, add a SAML Attribute to map "NameID" with the User login, so that this attribute is transferred in the authentication process.
Click the Update button to complete this configuration.
Creating the corresponding SAML 2.0 "Secure Site"
In the inWebo Administration console, in the "Secure Sites" tab, click on "Add a Secure Site of type..." and select the SAML 2.0 entry corresponding to your SAML connector in the first column.
The called URL should correspond to your Netscaler portal page.
inWebo SAML authentication test
When connecting to the Virtual server protected by the inWebo authentication policy, you'll be redirected to the myinwebo.com site for authentication.
On successful authentication, you'll be redirected to the Netscaler Unified Gateway and your inWebo login will be displayed.