Citrix Netscaler, configuration with inWebo LDAP Proxy

Download and install an inWebo certificate for your service

  • Log in to the inWebo administration console.
  • Navigate to the appropriate service view.
  • Go to Secure Sites and click on the "Download a new certificate for the API" button.
  • Remember to set the Certificate Authentication option to Yes.

Warning: Don't forget to secure this certificate and its passphrase for later use.

Install and configure inWebo LDAP Proxy

Following the configuration instructions, install the inWebo LDAP Proxy on a server reachable from your LDAP server.

inWebo LDAP Proxy, installation and configuration

Copy and install the inWebo certificate you created in the first section.

Indicate its path and passphrase in your LDAP Proxy configuration file.

Whitelisting the Administrator / Read access LDAP account

For the Citrix Netscaler configuration, you have to whitelist the Administrator / Read access account for this LDAP.
This account won't trigger a Push notification, as it is used each time a BIND request is forwarded to the LDAP.

proxy.ldap.whitelist.dn : CN=Administrator,CN=Users,DC=Your_domain,DC=com;CN=ReadOnly,CN=Users,DC=Your_domain,DC=com;

Citrix Netscaler LDAP authentication configuration

Creating a new LDAP authentication policy

In the configuration utility, on the Configuration tab, expand Netscaler Gateway > Policies > Authentication.

Select "LDAP", and then in the details pane, on the Policies tab, click Add.
In the Create Authentication Policy dialog box, in Name, type a name for the policy.


Enter "ns_true" as the expression, as this policy is to be used for all authentication.

Creating a new Authentication LDAP Server

Next to Server, click New (+).

The following parameters are indicated for an Active Directory type LDAP.

Warning:

  • You have to set the time-out value to 60 to allow your users to validate the authentication request on their smartphone.
  • Enter the whitelisted Administrator bind account used to query your LDAP server, as indicated in your LDAP Proxy configuration.
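The check below is an added example, not inWebo or Citrix code: it parses the `proxy.ldap.whitelist.dn` line and verifies that the bind DN entered on the Netscaler is whitelisted, while listing every other DN that binds without a Push. The function names, the sample excerpt and the case- and whitespace-insensitive DN comparison are assumptions.

```python
import re

# Constructed sample: the whitelist line in the format shown on this page.
SAMPLE_CONFIG = (
    "# constructed LDAP Proxy configuration excerpt\n"
    "proxy.ldap.whitelist.dn : CN=Administrator,CN=Users,DC=Your_domain,DC=com;"
    "CN=ReadOnly,CN=Users,DC=Your_domain,DC=com;\n"
)
WHITELIST_RE = re.compile(r"^\s*proxy\.ldap\.whitelist\.dn\s*[:=]\s*(.*)$")
# Simplified DN shape (no escaped commas): attr=value[,attr=value...]
DN_RE = re.compile(r"^[a-z][a-z0-9-]*=[^,=]+(,[a-z][a-z0-9-]*=[^,=]+)*$")

def normalize_dn(dn):
    """Assumption: DNs are compared ignoring case and spaces around ',' and '='."""
    parts = [re.sub(r"\s*=\s*", "=", p.strip(), count=1) for p in dn.split(",")]
    return ",".join(parts).lower()

def parse_whitelist(config_text):
    """Return the DNs on the whitelist line, dropping the empty trailing entry."""
    for line in config_text.splitlines():
        match = WHITELIST_RE.match(line)
        if match:
            return [dn.strip() for dn in match.group(1).split(";") if dn.strip()]
    return []

def audit(config_text, netscaler_bind_dn):
    """Return findings as (severity, message) tuples."""
    findings = []
    entries = parse_whitelist(config_text)
    bind = normalize_dn(netscaler_bind_dn)
    if bind not in [normalize_dn(e) for e in entries]:
        findings.append(("error", "NetScaler bind DN is not whitelisted: " + netscaler_bind_dn))
    seen = set()
    for raw in entries:
        norm = normalize_dn(raw)
        if not DN_RE.match(norm):
            findings.append(("error", "malformed DN: " + raw))
        elif norm in seen:
            findings.append(("warn", "duplicate entry: " + raw))
        elif norm != bind:
            # Whitelisted DNs bind without a push, so each one should be intentional.
            findings.append(("review", "binds without push, not the NetScaler bind DN: " + raw))
        seen.add(norm)
    return findings

if __name__ == "__main__":
    for severity, message in audit(SAMPLE_CONFIG, "cn=ReadOnly, cn=Users, dc=your_domain, dc=com"):
        print(severity, message)
```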

Binding the Authentication LDAP Policy to a Netscaler Gateway Virtual Server

Select the Gateway Virtual Server you want to bind with this Authentication policy.

On the Virtual Server Authentication page, select the "Basic Authentication" section and click the Add icon "+".

Select the LDAP Policy and choose the type "Primary or Secondary".

Select your newly created LDAP policy, bind it to this virtual server, and then click Close.

inWebo LDAP Proxy authentication test

As soon as you enter your login and password in the Citrix Netscaler portal,
you'll receive an authentication request on your Authenticator App.
When you accept or enter your PIN code, your access will be validated.