Scenario: A Citrix Administrator needs to test a SAML authentication deployment to be used by internal users while accessing several externally hosted applications. During testing, the administrator notices that after successfully accessing any partner application, subsequent applications seem to launch without any explicit authentication request.
Which statement is true regarding the behavior described above?
The behavior is expected if the Citrix ADC appliance is the common SAML Identity Provider (IdP) for all partners. In this scenario, once a user authenticates successfully with the IdP, they gain access to multiple SAML Service Providers (SPs) without needing to re-authenticate. The initial authentication generates a session cookie, which is then used for subsequent authentication requests. This streamlines access across different applications that trust the same IdP.
I would say "A". There are two primary types of SAML providers, service provider, and identity provider. A service provider needs the authentication from the identity provider to grant authorization to the user. An identity provider performs the authentication that the end user is who they say they are and sends that data to the service provider along with the user’s access rights for the service.
I also think A because of this: If the Citrix ADC appliance is configured as a SAML IdP for multiple SAML SP, a user can gain access to applications on the different SPs without explicitly authenticating every time. The Citrix ADC appliance creates a session cookie for the first authentication, and every subsequent request uses this cookie for authentication.
Agreed - the text can be found in the link from RDIO
I would go with A. https://docs.citrix.com/en-us/citrix-adc/current-release/aaa-tm/authentication-methods/saml-authentication/citrix-adc-saml-idp.html#:~:text=If%20the%20Citrix,cookie%20for%20authentication.
I would go with C, that all partnets are using the same external SP, so when you authenticate for the 1st partner, any subsequent parter wouldn't require an auth, since all of them are using the same external SP
Voting for C.
As said under Tlab97271' comment, the tex can be found in mentioned link. I'm also agreed with Vik84' oppinion.