Authentication via SAML to either the Citrix StoreFront or through the Citrix ADC requires an identity provider configured in the Liquit Workspace.
Liquit Access Manager license
The SAML identity provider is available only with a valid Liquit Access Manager license. We recommend you contact Liquit Sales if the option is not available in your Liquit System.
Certificate
The SAML identity provider needs a signing certificate that will be used to sign the SAML messages.
- In the Liquit Workspace navigate to Manage > System > Certificates
- Click
Create in the table toolbar. - In the Create certificate dialog box that opens:
- In Type select Self signed
- In Overview write Signing certificate for SAML IDP
- In Self signed write
- Common name: SAML-IDP-SIGNING
- Days valid: 1825 (5 years for example)
- Key size: 2048
Identity provider
- In the Liquit Workspace navigate to Manage > Authentication > Identity Providers.
- Click Create in the table toolbar.
- In the Create identity provider dialog box that opens:
- In Type select SAML 2.0
- In Overview fill in:
- Name: SAML Identity Provider
- Description: Identity Provider used for SAML federation
- In Summary, leave Modify identity provider after creation selected.
- Navigate to the Settings screen and configure the following:
- Certificate used for signing SAML messages: select the SAML-IDP-SIGNING created previously, or another appropriate certificate.
- Enable Allow requesting metadata
- In the Single sign in section enable Allow post requests
- In the Single logout section enable Allow redirect requests
For security purposes, we recommend you have the options Require signing enabled.
For more information, see SAML 2.0.