Examice

Exam 1Y0-231 All QuestionsBrowse all questions from this exam

Question 21

Scenario: A Citrix Administrator needs to test a SAML authentication deployment to be used by internal users while accessing several externally hosted applications. During testing, the administrator notices that after successfully accessing any partner application, subsequent applications seem to launch without any explicit authentication request.

Which statement is true regarding the behavior described above?

It is expected if the Citrix ADC appliance is the common SAML identity provider (IdP) for all partners.

It is expected due to SAML authentication successfully logging on to all internal applications.

It is expected if all partner organizations use a common SAML service provider (SP).

It indicates the SAML authentication has failed and the next available protocol was used.

Correct Answer: A

The behavior is expected if the Citrix ADC appliance is the common SAML Identity Provider (IdP) for all partners. In this scenario, once a user authenticates successfully with the IdP, they gain access to multiple SAML Service Providers (SPs) without needing to re-authenticate. The initial authentication generates a session cookie, which is then used for subsequent authentication requests. This streamlines access across different applications that trust the same IdP.

Discussion

Vik84Option: A

I would say "A". There are two primary types of SAML providers, service provider, and identity provider. A service provider needs the authentication from the identity provider to grant authorization to the user. An identity provider performs the authentication that the end user is who they say they are and sends that data to the service provider along with the user’s access rights for the service.

Tlab97271Option: A

I also think A because of this: If the Citrix ADC appliance is configured as a SAML IdP for multiple SAML SP, a user can gain access to applications on the different SPs without explicitly authenticating every time. The Citrix ADC appliance creates a session cookie for the first authentication, and every subsequent request uses this cookie for authentication.

pa77dab33r

Agreed - the text can be found in the link from RDIO

RDIOOption: A

I would go with A. https://docs.citrix.com/en-us/citrix-adc/current-release/aaa-tm/authentication-methods/saml-authentication/citrix-adc-saml-idp.html#:~:text=If%20the%20Citrix,cookie%20for%20authentication.

pa77dab33rOption: A

As said under Tlab97271' comment, the tex can be found in mentioned link. I'm also agreed with Vik84' oppinion.

sailorsoulOption: C

Voting for C.

rgb511Option: C

I would go with C, that all partnets are using the same external SP, so when you authenticate for the 1st partner, any subsequent parter wouldn't require an auth, since all of them are using the same external SP