Tag: Citrix NetScaler

OpenID Connect token validation in Citrix ADC

I’ve previously written about how to use OpenID Connect in NetScaler and a way to use callouts to validate tokens. You can also use the function JWT_VERIFY_CERTKEY() but that requires that you (for now) keep the issuing certificate updated locally.

Another way is to setup an OpenID Connect client (OAuth Action) on Citrix ADC and enable 401 authentication in the load balancing vserver. Below is an example where the NetScaler will validate that the token sent is valid and issued by the correct provider. (I’ve used Azure AD in my example)

The only thing you have to do is send traffic with tokens (HTTP.REQ.HEADER(”Authorization”).SET_TEXT_MODE(IGNORECASE).CONTAINS(”Bearer ”)) to this LB and a session will be created in NetScaler. In my case, I’m also verifying that the user exists using a second factor to LDAP.

Try it out and all feedback is welcome!



Citrix ADC and ADM automation using Ansible

I’ve been working with Ansible more and more and been learning a lot. It’s so much fun but I also think it can help others out there with their projects. I’ve published a few blog posts regarding a few different parts of how I automate Citrix ADC (NetScaler) and Citrix ADM (NetScaler MAS), and will be holding a presentation about it at Citrix User Group Norway (CUGTech Autumn 2018) – I hope to see you there!

The blog posts I’ve published regarding this (so far) are:

I’ve learnt so much creating these playbooks and will continue to work on and perfect them. Most likely will be undergoing continuous improvement from now on! It will be great to talk about all of this next week, something I’m really looking forward to!

I hope to see at least a few of you out there test these playbooks and maybe even contribute to them or collaborate with me making them even better.



Configure Stylebook configpacks using Ansible and Citrix ADM

I’ve created an Ansible playbook to deploy configpacks to Citrix ADC (previously Citrix NetScaler) using Ansible and Citrix ADM (previously Citrix NetScaler MAS). You add the configuration to the parameters and the playbook will add configpacks using the settings you’ve defined.

Still a lot to do with this one, for example updating the configpack when the parameters has changed in the playbook.

The playbook has been published to Azure DevOps and can be found here. The readme contains the latest information.

The playbook configures the following (as of this blog post):

  • Identifies the current primary/active Citrix ADC (NetScaler)
  • Locates the active nodes instanceId
  • Identifies all Stylebooks on Citrix ADM
  • Identifies what Stylebooks will be used
  • Creates configpack if it isn’t already created
  • Verifies that the configpack is deployed without any failures

Feel free to try it out and all feedback is welcome!



Citrix ADC base configuration with Ansible and Citrix ADM

I’ve created an Ansible playbook to configure a base line on Citrix ADC (previously Citrix NetScaler) using Ansible and Citrix ADM (previously Citrix NetScaler MAS). The only thing you will have to do is change the parameters in the playbook and run it.

The playbook has been published to Azure DevOps and can be found here. The readme contains the latest information.

The playbook configures the following (as of this blog post):

  • NSIP parameters
  • HA Node parameters
  • SNIP parameters
  • VLANs
  • Policy Based Routing
  • Access Lists
  • SSL profiles
  • TCP Settings
  • HTTP Profile
  • NS Parameters
  • LB Parameters
  • SNMP Parameters
  • Cache parameters
  • Compression parameters
  • NetScaler modes
  • NetScaler features
  • NTP Configuration

I hope this can be of some help and feel free to give feedback or contribute to the playbook!



Configure Citrix ADC HA pair using Ansible and Citrix ADM

I’ve create an Ansible playbook to configure two Citrix ADCs (previously Citrix NetScaler) into an HA pair using Citrix ADM (previously NetScaler MAS). The only thing you will have to do is change the parameters in the playbook and run it with the credentials and IP-addresses as parameters and you’ll have an HA pair.

The playbook has been published to Azure DevOps and can be found here. The readme contains the latest information.

The playbook configures the following (as of this blog post):

  • Creates or updates a device profile
  • Creates or updates a datacenter (mps_datacenter)
  • Adds Citrix ADC instances to Citrix ADM
  • Creates an HA pair of the Citrix ADC instances using the ns_hapair_template maintenance job
  • Configures a new rpcNode password

I hope this can be of some help and feel free to reach out if you have any feedback or questions!



Deploy Citrix ADC to Azure using ARM Templates and Ansible

I’ve created an Ansible playbook to deploy Citrix ADC (previously Citrix NetScaler) to Azure using ARM Templates. You can find the playbook here in Azure DevOps, see the readme for the latest information about the playbook, how to use it and the per-requisites.

The main points for creating a new one instead of using the Citrix provided ones are (or at least were):

  • Deploy HA using Availability Zone
  • Using HA Ports for internal LB
  • Generates the external LB rules based on the number of Public IPs and Ports automatically
  • Naming convention that matches all other resources

Feel free to try it out and get back to me if you have any questions!