Question 4
Scenario: A Citrix Architect needs to deploy SAML integration between NetScaler (Identity Provider) and ShareFile (Service Provider). The design requirements for SAML setup are as follows:
NetScaler must be deployed as the Identity Provider (IDP).
ShareFile server must be deployed as the SAML Service Provider (SP).
The users in domain workspacelab.com must be able to perform Single Sign-on to ShareFile after authenticating at the NetScaler.
The User ID must be UserPrincipalName.
The User ID and Password must be evaluated by NetScaler against the Active Directory servers SFO-ADS-001 and SFO-ADS-002.
After successful authentication, NetScaler creates a SAML Assertion and passes it back to ShareFile.
Single Sign-on must be performed.
SHA 1 algorithm must be utilized.
The verification environment details are as follows:
Domain Name: workspacelab.com
NetScaler AAA virtual server URL https://auth.workspacelab.com
ShareFile URL https://sharefile.workspacelab.com
Which SAML IDP action will meet the design requirements?
add authentication samIIdPProfile SAMI-IDP --samISPCertName Cert_1 --samIIdPCertName Cert_2 --assertionConsimerServiceURL ''https://auth.workspacelab.com/samIIssueNameauth.workspacelab.com -signatureAlgRSA-SHA256-digestMethod SHA256-encryptAssertion ON -serviceProviderUD sharefile.workspacelad.com
add authentication samIIdPProfile SAMI-IDP --samISPCertName Cert_1 --samIIdPCertName Cert_2 --assertionConsimerServiceURL https://sharefile.workspacelab.com/saml/acs''--samIIssuerNamesharefile.workspacelab.com --signatureAlg RSA-SHA256 --digestMethod SHA256 --serviceProviderID sharefile.workspacelab.com
add authentication samIIdPProfile SAMI-IDP --samISPCertName Cert_1 --samIIdPCertName Cert_2 --assertionConsimerServiceURL https://sharefile.workspacelab.com/saml/acs''--samIIssuerName auth.workspacelab.com--signatureAlg RSA-SHA1-digestMethod SHA1 --encryptAssertion ON --serviceProviderID sharefile.workspacelab.com
add authentication samIIdPProfile SAMI-IDP --samISPCertName Cert_1 --samIIdPCertName Cert_2 --assertionConsimerServiceURL https://sharefile.workspacelab.com/saml/acs''--samIIssuerNamesharefile.workspacelab.com --signatureAlg RSA-SHA1 --digestMethod SHA1 --encryptAssertion ON --serviceProviderID sharefile.workspacelab.com
Correct answer: C