In my first Sharefile post I showed how to install and prepare the internal systems for use with Citrix Sharefile storage Zone (on premise). In this post we will have a look on publishing these services via Netscaler to authenticate users through a on-premise ADFS service.
Requirements on the Sharefile Control Plane
Create a custom logon page as descripted in: http://support.citrixonline.com/en_US/sharefile/all_files/SF090016
You will need to edit the login.htm file to replace the default SAML url with your account’s SAML login url. Please replace https://subdomain.sharefile.com/saml/login with https://demo.sharefile.eu/saml/login (where demo is your subdomain).
You will also need to change the password reset request url from https://subdomain.sharefile.com/resetpasswordrequest.aspx to https://demo.sharefile.eu/resetpasswordrequest.aspx .
You can test this site by the URL https://demo.sharefile.eu/customlogon.aspx
To activate the custom logon page, you have to open a support request with Sharefile support.
Publishing ADFS Services
As described we will publish a SSL load balancer for access to the ADFS Services.
Publishing Sharefile Storage Zone
Now we are ready to create the Sharefile Storage Zone vServer:
Configuring Control Plane
No the last step brings the three components together:
|Login to your sharefile control plane with your admin account and navigate to Admin -> Configure Single Sign on|
|Configure the fields like described on the screenshot with your URLs.|
|For testing navigate with a second browser to your custom logon page: https://demo.sharefile.eu/customlogin.aspx
Depending on your customizations you should see a similar page. The left side represents your employee logon or a logon path for everybody how owns an active directory account in your domain.
|If you click on the „Single-Sign-on“ a redirect to your ADFS Service site occurs. In the URL you can notice the SAML request.
Now when a user logon on correctly, a second redirect to his/her Sharefile filebox occurs.
|And now the user has access to Sharefile.|
|The same redirect mechanism will initiate the user logout. If a user clicks on the logout button on the top, a redirect to the ADFS service will occur to invalidate the SAML logon.|
Securing Access to local Storage Zone
Restrict Access to Sharefile Storage with HTTP Callouts, so only are by Sharefile validated HTTP request are accepted by the Netscaler applicance. All other request, done by browsers or crawler are dropped
Marco Klose works as a Technical Consultant, Architect and CTO focused on Application & Desktop virtualization as well as application delivery with the Citrix product portfolio. He is specialized in Citrix virtualization, Citrix networking and Microsoft products. He has +10 years experience and holds the latest Citrix certifications and is member of the Citrix Partner Expert Council EMEA (PTEC).