In a Netscaler project I came to a requirement, to check if an user is member of an specific Active Directory group before the request is forwarded to the load balancing vServer. The customer has multiple lb vservers, which are protected by an simple AAA authentication server. The authentication domain was set to the top level domain, e.g. fabric.com. 

The following subdomains are representing the other applications:

  • sharepoint.fabric.com
  • jira.fabric.com
  • documentcenter.fabric.com 

In our example all users are allowed to browse to jira and documentcenter, but for access the sharepoint server users must be member of the group „Group_Sharepoint_Access“. If a user is not member of this group a short error message should be displayed, which was done with a simple responder:

This policy and action could be replicated as often as needed and will be bound to the respective vserver:

 

 

Leave a Comment

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.