Upload File

Download - How do I perform Authorization using advanced policy … · 2020-03-02 · How do I perform Authorization using advanced policy expressions in NetScaler? Background Advanced policy

Transcript
Page 1: How do I perform Authorization using advanced policy … · 2020-03-02 · How do I perform Authorization using advanced policy expressions in NetScaler? Background Advanced policy

HowdoIperformAuthorizationusingadvancedpolicyexpressionsinNetScaler?

BackgroundAdvancedpolicyexpressionsprovidearichsetofexpressionslikebodybased,DNSbasedexpressionstoadministratorscomparedtoolderclassicones.AdvancedwillbethedefaultexpressioneditorforSession,TrafficandAuthorizationpolicyeditors.Optiontoswitchtoclassicbyclickingon“SwitchtoClassicSyntax”

• Onlyonepolicytype(eitheradvancedorclassic)isallowedtobeboundforatypeofpolicyo E.g.:Allauthorizationpoliciesboundatanylevelmustbeeitheradvancedorclassico AuthorizationpoliciesofAdvanced-typeandTrafficpoliciesofClassictypeareallowed

UsecaseTheadminwantstoblockasetofuserstonotallowthemtoaccessthedownloadpageofcitrix.com.Forthistheadminhascreatedausergroupcalled‘BlacklistUserGroup’,anyuserthatisapartofthisgroupshouldnotbeallowedtoaccessthedownloadpage.StepstoachievethisWithadvancedpolicyexpressions,theadministratorcancreateanauthorizationpolicyonhttprequestandlinkittotheBlackListUserGroup.PleaseseebelowthestepsfromtheNetScalerGUI:

1. LogintotheGUI,navigatetothispath:Configuration->NetScalerGateway->Policies->Authorization

2. Clickontheaddbutton

Page 2: How do I perform Authorization using advanced policy … · 2020-03-02 · How do I perform Authorization using advanced policy expressions in NetScaler? Background Advanced policy

3. Createanauthorizationpolicy.Inourcase,wehavecreatedthefollowing-

4. Clickonexpressioneditorandusesimpleandintuitivedropdownstocreateapolicyexpression.Forustheexpressionis-http.req.hostname.contains("citrix.com")&&http.req.url.contains("downloads")

Usingtheoperator‘&&’andthencreatinganotherexpressionasbelow:

Finally,thisiswhattheexpressionlookslike:

Page 3: How do I perform Authorization using advanced policy … · 2020-03-02 · How do I perform Authorization using advanced policy expressions in NetScaler? Background Advanced policy

5. BindthisauthorizationpolicytotheAAA-Usergroup.Navigateto:Configuration->NetScaler

Gateway->UserAdministration->AAAGroups.Inthiscase,weselectBlackListUserGroupandBindthispolicytoit.

LetustakealookattheAuthorizationPolicywhichisboundtothisgroup:

Now,letustestthisout:

1. Wehaveauser–BlacklistuserwhichisapartoftheBlackListUserGroup.Thisusershouldnotbeallowedtoaccessthedownloadspageofcitrix.com

Page 4: How do I perform Authorization using advanced policy … · 2020-03-02 · How do I perform Authorization using advanced policy expressions in NetScaler? Background Advanced policy

2. LaunchesCitrix.comfromthebookmarkssetasbelow:

Thewebsitelaunchesasshownbelow.

3. Theuserclicksonthedownloadstabonthewebsiteandisdeniedaccesswiththebelowmessage.

Page 5: How do I perform Authorization using advanced policy … · 2020-03-02 · How do I perform Authorization using advanced policy expressions in NetScaler? Background Advanced policy

Therefore,wehavethetestedourconfigurationoftheauthorizationpolicytodenyaccesstoblacklisteduserstothedownloadpageofcitrix.com


Top Related

Adaptive Authentication and Authorization · (MFA) for authentication and authorization requests. ... These authorization policy rules can be built around one or more resources. They
Adaptive Authentication and Authorization · (MFA) for authentication and authorization requests. ... These authorization policy rules can be built around one or more resources. They
Advanced Travel/Reimbursement Training€¦ · PeopleSoft Tips • Do not encumber Airfare on Travel Authorization • Please make sure your Travel Authorization is final approved
Advanced Travel/Reimbursement Training€¦ · PeopleSoft Tips • Do not encumber Airfare on Travel Authorization • Please make sure your Travel Authorization is final approved
Administrator's Guide for Authorization Policy Manager 11g ... · Administrator's Guide for Authorization Policy Manager 11g ... Contributor: Josh Brunaugh, Akila Natarajan, Sanatan
Administrator's Guide for Authorization Policy Manager 11g ... · Administrator's Guide for Authorization Policy Manager 11g ... Contributor: Josh Brunaugh, Akila Natarajan, Sanatan
PROG 11044 Advanced Web Applications With.NET PROG 11044 Advanced Web Applications With.NET User Authentication & Authorization
PROG 11044 Advanced Web Applications With.NET PROG 11044 Advanced Web Applications With.NET User Authentication & Authorization
Procurement and Authorization Policy (00016181-4)
Procurement and Authorization Policy (00016181-4)
Enumerated authorization policy ABAC (EP-ABAC) model
Enumerated authorization policy ABAC (EP-ABAC) model
Advanced Systems Security: Linux Security Modulestrj1/cse544-f15/slides/cse544-lsm.pdfauthorization nodes include the authorization, command, and func-tion containing the authorization
Advanced Systems Security: Linux Security Modulestrj1/cse544-f15/slides/cse544-lsm.pdfauthorization nodes include the authorization, command, and func-tion containing the authorization
An Attribute-based Authorization Policy Framework with Dynamic Conflict Resolutionusers.ece.gatech.edu/dblough/research/papers/idtrust10… ·  · 2010-05-28An Attribute-based Authorization
An Attribute-based Authorization Policy Framework with Dynamic Conflict Resolutionusers.ece.gatech.edu/dblough/research/papers/idtrust10… ·  · 2010-05-28An Attribute-based Authorization