Citrix ADC (Netscaler) admin GUI and 2 factor authentication with Pointsharp

This is not a complete guide, and it requires you to have some basic skills around Pointsharp and NetScaler.

This guide covers using Pointsharp to do group extraction from Active Directory and send the groups to Citrix ADC. Which authentication method to use in Pointsharp is up to you. To configure 2FA on the Citrix ADC admin GUI against Pointsharp, there is some configuration you must do on the ADC and in Pointsharp.


Citrix ADC

Create a RADIUS Authentication server.

In the wizard, enter the information corresponding to your config in Pointsharp and click More and edit according to the image below.

The Group prefix is set to CN= because Pointsharp sends the group according to the RFC standard, with the full DN. Since we have chosen to have Pointsharp send only the first group it matches, there can only be one group in the response, but we use “,” as the group separator to remove the DN string behind the actual group name. Let’s say that Pointsharp sends “CN=NetScalerAdmin,OU=Groups,DC=powerkb,DC=se”. We set the group prefix to “CN=”, which leaves “NetScalerAdmin,OU=Groups,DC=powerkb,DC=se”. The ADC would fail to match that string as it stands, but since we use “,” as the group separator, the ADC will think the first group is NetScalerAdmin, the second OU=Groups, then DC=powerkb, DC=se and so on.

Create a new Authentication Group whose name matches your Active Directory group exactly.

Create an authentication policy and bind it globally.
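
The Group prefix and group separator handling described above, as an added Python example that is not part of the original guide and is not Citrix ADC code: it models the extraction the way that paragraph describes it, using the sample value from the text. The function names and the exact string comparison are assumptions of this model.

```python
# Added example: a model of the prefix/separator handling described above.
# It is not Citrix ADC code; function names and exact matching are assumptions.

SAMPLE = "CN=NetScalerAdmin,OU=Groups,DC=powerkb,DC=se"  # value used in the text


def extract_groups(value, prefix="CN=", separator=","):
    """Return the candidate group names taken from one RADIUS group value."""
    if prefix and value.startswith(prefix):
        value = value[len(prefix):]          # "CN=" removed from the front
    if not separator:
        return [value]                       # whole remaining DN is one "group"
    return [part.strip() for part in value.split(separator) if part.strip()]


def matched_groups(value, configured, prefix="CN=", separator=","):
    """Return the configured ADC groups that equal an extracted name exactly."""
    return [g for g in extract_groups(value, prefix, separator) if g in configured]


if __name__ == "__main__":
    adc_groups = {"NetScalerAdmin"}
    # Prefix only: the DN tail stays attached, so nothing matches.
    print(extract_groups(SAMPLE, separator=None),
          matched_groups(SAMPLE, adc_groups, separator=None))
    # Prefix plus "," separator: the first piece is the bare group name.
    print(extract_groups(SAMPLE), matched_groups(SAMPLE, adc_groups))
    # A name that differs in spelling or case does not match in this model.
    print(matched_groups(SAMPLE, {"NetscalerAdmins"}))
    # The DN tail pieces are candidates too, so a group named after one matches.
    print(matched_groups(SAMPLE, {"OU=Groups"}))
```

In this model the leftover DN parts also become candidate names, so keep ADC group names distinct from strings such as OU=Groups.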

