![\"ShareFile\"](\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2016\/01\/ShareFile-150x150.png\")
With the release of NetScaler 11 the Unified Gateway feature became available. Besides that the Unified Gateway enables companies to create a single point of entry for different types of connection (from full blown VPN to ICA proxy and everything in between) it also comes with a landing page where users can access their (SaaS) applications. This is a great addition to the (already long) list of use-cases for a NetScaler in your network.<\/p>\n
Now if there’s something users hate than that’s doing things more than once. So when companies make the (ow so logical) transition from “legacy” Windows applications to SaaS applications, so they no longer have to care about how that application works \/ runs \/ updates<\/a>, the end-user is faced with a\u00a0number of\u00a0new challenges:<\/p>\n This is where the Unified Gateway comes into play, it offers a useful landing page where users can find their applications (hey that sounds familiar!). And since the industry made SAML<\/a> the de-facto standard for authentication to SaaS applications, that might solve the other two challenges!<\/p>\n Long introduction to why I wanted to write this blog, but here’s how you can achieve a Singe Sign-On (SSO) experience from the NetScaler Unified Gateway to ShareFile<\/a> using SAML.<\/p>\n <\/p>\n .<\/p>\n For the sake of the argument I’m assuming you know what SAML is and that you’ve setup an Identity Provider<\/p>\n In my example I’m using the NetScaler as a SAML IdP, because I can and because it’s actually a really good fit. The configuration of both your ShareFile account and the NetScaler is documented over here (support.citrixonline.com<\/a>).<\/p>\n <\/p>\n I’d like my users to have an easy overview of the SaaS-applications and web links that they can use whenever they want.\u00a0For my demo<\/strong> environment that roughly looks like this:<\/p>\n As you can see that includes ShareFile<\/strong>, the subject of this article. Let’s dive a bit deeper in the configuration.<\/p>\n <\/p>\n We need to add an Active Directory attribute to the LDAP policy assigned to the Unified Gateway.\u00a0In the properties of your Universal Gateway vServer go to the\u00a0Authentication\u00a0<\/strong>section and click on your LDAP policy<\/strong>.<\/p>\n Select the\u00a0LDAP Policy<\/strong> and click on\u00a0Edit<\/strong> >\u00a0Edit Server<\/strong><\/p>\n Click on the More<\/strong> link (below) and add ‘mail<\/em>‘ (without quotes, all lower capital) in the Attribute 1<\/strong> field.<\/p>\n <\/p>\n On your NetScaler, go to NetScaler Gateway<\/strong> > Resources<\/strong> > Bookmark<\/strong> and add a new resource.<\/p>\n <\/p>\n This is where the magic<\/em> happens.<\/p>\n Accept all defaults<\/strong>, except:<\/p>\n If you didn’t\u00a0apply the last step (reading the mail attribute) the following error will be thrown. Reason is that the SAML assertion doesn’t include the mail address, and that’s what ShareFile needs to recognise the user.<\/p>\n <\/p>\n Last step is to bind the (newly created) bookmark to your Unified Gateway vServer.<\/p>\n In the properties of your Unified Gateway vServer go to Published Applications<\/strong> and click on URLs\u00a0<\/strong>and use Add Binding<\/strong> to add your new Bookmark.<\/p>\n <\/p>\n <\/p>\n In case you’re troubleshooting SAML challenges (with or without ShareFile) I highly recommend reading this article from Dan Brinkman:\u00a0ShareFile troubleshooting: Capturing a SAML token | What Would Dan Do?<\/a>\u00a0In addition, I found this Google Chrome plugin to be very useful as it decodes the SAMLresponse for you: SAML Chrome Panel<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":" With the release of NetScaler 11 the Unified Gateway feature became available. Besides that the Unified Gateway enables companies to create a single point of entry for different types of connection (from full blown VPN to ICA proxy and everything in between) it also comes with a landing page where users can access their (SaaS) […]<\/p>\n","protected":false},"author":16,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[502],"tags":[503,678,677,594,679],"class_list":["post-6969","post","type-post","status-publish","format-standard","hentry","category-netscaler","tag-netscaler-2","tag-saml","tag-sharefile","tag-sso","tag-unified-gateway"],"_links":{"self":[{"href":"https:\/\/ingmarverheij.com\/en\/wp-json\/wp\/v2\/posts\/6969","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ingmarverheij.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ingmarverheij.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ingmarverheij.com\/en\/wp-json\/wp\/v2\/users\/16"}],"replies":[{"embeddable":true,"href":"https:\/\/ingmarverheij.com\/en\/wp-json\/wp\/v2\/comments?post=6969"}],"version-history":[{"count":12,"href":"https:\/\/ingmarverheij.com\/en\/wp-json\/wp\/v2\/posts\/6969\/revisions"}],"predecessor-version":[{"id":7059,"href":"https:\/\/ingmarverheij.com\/en\/wp-json\/wp\/v2\/posts\/6969\/revisions\/7059"}],"wp:attachment":[{"href":"https:\/\/ingmarverheij.com\/en\/wp-json\/wp\/v2\/media?parent=6969"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ingmarverheij.com\/en\/wp-json\/wp\/v2\/categories?post=6969"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ingmarverheij.com\/en\/wp-json\/wp\/v2\/tags?post=6969"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
SAML IdP<\/h1>\n
Unified Gateway<\/h1>\n
![\"Unified](\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2016\/01\/Screen-Shot-2016-01-08-at-14.58.57-1024x700.png\")
<\/a><\/p>\nLDAP Policy<\/h2>\n
![\"Authentication\"](\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2016\/01\/Screen-Shot-2016-01-08-at-16.02.52-300x152.png\")
<\/a><\/p>\n![\"VPN](\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2016\/01\/Screen-Shot-2016-01-08-at-16.04.36-300x105.png\")
<\/a><\/p>\n![\"Attribute](\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2016\/01\/Screen-Shot-2016-01-08-at-16.06.17-300x195.png\")
<\/a><\/p>\nBookmark<\/h2>\n
Create bookmark<\/h3>\n
![\"NetScaler](\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2016\/01\/Screen-Shot-2016-01-08-at-15.15.29-218x300.png\")
<\/a>![\"Bookmark](\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2016\/01\/Screen-Shot-2016-01-08-at-15.17.34-168x300.png\")
<\/a><\/p>\n\n
SAML SSO Profile<\/h3>\n
![\"SAML](\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2016\/01\/Screen-Shot-2016-01-08-at-15.39.48-1024x881.png\")
<\/a><\/p>\n\n
![\"Invalid](\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2016\/01\/Screen-Shot-2016-01-08-at-15.49.16-300x275.png\")
<\/a>Bind to Unified Gateway<\/h3>\n
![\"Published](\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2016\/01\/Screen-Shot-2016-01-08-at-16.01.12-300x136.png\")
<\/a>![\"VPN](\"https:\/\/ingmarverheij.com\/wp-content\/uploads\/2016\/01\/Screen-Shot-2016-01-08-at-15.58.50-300x269.png\")
<\/a><\/p>\nTroublehooting<\/h1>\n