NetScaler Traffic Policies are great! They let you control authentication settings and more at a deeper level.
In this post we look into Form Based SSO on NetScaler as an approach to automatically submit the email address to the login form for authentication in Microsoft Office 365.
When running mVPN/VPN sessions through NetScaler Gateway, the NetScaler can detect a specific login form that we define and auto-populate fields in it, e.g. the mail address.
Requirements
- Make sure your LDAP authentication on NetScaler extracts the “mail” attribute from Active Directory. Do this by defining “mail” as Attribute 1 in the LDAP policy.
- Make sure Secure Web MDX App is configured in Secure Browse mode, with Tunnel to internal network.
This is what my Traffic Form Based SSO configuration looks like:
```
add vpn formSSOAction traf-form-sso-prof-o365 -actionURL "/common/login" -userField login -passwdField passwd -ssoSuccessRule "HTTP.RES.SET_COOKIE.CONTAINS(\"stsservicecookie=ests\")" -responsesize 0 -submitMethod POST

add vpn trafficAction traf_prof_office365 http -appTimeout 10 -SSO ON -formSSOAction traf-form-sso-prof-o365 -proxy NOPROXY -userExpression "HTTP.REQ.USER.ATTRIBUTE(1)"

add vpn trafficPolicy traf_pol_office365_sso "REQ.HTTP.URL CONTAINS /login.srf" traf_prof_office365
```
The traffic policy above then needs to be bound on the NetScaler Gateway so that it triggers upon mVPN access to login.microsoftonline.com.
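The requirements and the binding step can be checked against a saved configuration before testing on a device. The Python script below is an added example, not part of the original post: it follows the chain from traffic policy to traffic action to form SSO action, confirms an LDAP action extracts `mail` as the attribute read by `-userExpression`, and confirms the policy is bound to a gateway vserver. The LDAP action name, server IP and vserver name in the sample are constructed, and only `bind vpn vserver` bindings are considered.

```python
import re
import shlex

# Constructed sample config: the three commands from the post, plus an LDAP action
# and a gateway binding whose names (ldap_act_ad, gw_vs_mvpn) are hypothetical.
SAMPLE_CONF = r'''
add authentication ldapAction ldap_act_ad -serverIP 192.0.2.10 -Attribute1 mail
add vpn formSSOAction traf-form-sso-prof-o365 -actionURL "/common/login" -userField login -passwdField passwd -ssoSuccessRule "HTTP.RES.SET_COOKIE.CONTAINS(\"stsservicecookie=ests\")" -responsesize 0 -submitMethod POST
add vpn trafficAction traf_prof_office365 http -appTimeout 10 -SSO ON -formSSOAction traf-form-sso-prof-o365 -proxy NOPROXY -userExpression "HTTP.REQ.USER.ATTRIBUTE(1)"
add vpn trafficPolicy traf_pol_office365_sso "REQ.HTTP.URL CONTAINS /login.srf" traf_prof_office365
bind vpn vserver gw_vs_mvpn -policy traf_pol_office365_sso -priority 100
'''

def parse(conf):
    """Return ({kind: {name: flags plus '_args'}}, set of vserver-bound policies)."""
    objs, bound = {}, set()
    cmds = [t for t in map(shlex.split, conf.splitlines()) if len(t) >= 4]
    for t in cmds:
        flags = {t[i].lower(): t[i + 1] for i in range(4, len(t) - 1) if t[i].startswith("-")}
        kind = " ".join(t[:3]).lower()
        if kind == "bind vpn vserver":
            bound.add(flags.get("-policy"))
        else:
            objs.setdefault(kind, {})[t[3]] = dict(flags, _args=t[4:])
    return objs, bound

def check_chain(conf, policy):
    """List what is missing for form SSO to fire for `policy`; empty means complete."""
    objs, bound = parse(conf)
    pol = objs.get("add vpn trafficpolicy", {}).get(policy)
    if pol is None or len(pol["_args"]) < 2:
        return [f"traffic policy {policy} is not defined"]
    issues = [] if policy in bound else [f"{policy} is not bound to a vpn vserver"]
    act = objs.get("add vpn trafficaction", {}).get(pol["_args"][1])
    if act is None:
        return issues + [f"traffic action {pol['_args'][1]} is not defined"]
    if act.get("-sso", "").upper() != "ON":
        issues.append("traffic action does not set -SSO ON")
    if act.get("-formssoaction") not in objs.get("add vpn formssoaction", {}):
        issues.append("traffic action references an undefined formSSOAction")
    m = re.search(r"ATTRIBUTE\((\d+)\)", act.get("-userexpression", ""))
    ldap = objs.get("add authentication ldapaction", {}).values()
    if not m:
        issues.append("-userExpression does not read a user attribute")
    elif not any(f.get(f"-attribute{m.group(1)}", "").lower() == "mail" for f in ldap):
        issues.append(f"no ldapAction extracts mail as Attribute {m.group(1)}")
    return issues
```

Call `check_chain(conf_text, "traf_pol_office365_sso")` with the text of a saved configuration; an empty list means every link in the chain is present.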
Screenshot of my Form SSO profile which I tested with success: