Access Policy branch rule for multiple SP on same virtual server?

Question

Hi, I'm new to SAML in F5 Big-IP LTM and APM but I'm trying to accomplish something quite simple.&nbsp;
I want to have one and the same virtual server for all my SAML federations (easier to maintain). Right now I only have one idp for an external SP, but I'm trying to setup another.&nbsp;
How can I in the APM access policy redirect an incoming connection from a specific URI to a specific idP hosted on the F5?&nbsp;
Right now the access policy is quite simple: &nbsp;
Start &gt; SAML Auth &gt; Successfull (Allow)
                    Fallback (Deny)&nbsp;
Should I use advanced resource assign based on landinguri? And how do I do that properly?&nbsp;
Regards&nbsp;
Robert&nbsp;

stanislas_piro2 · Answer

Hi,
you must create an empty box with multiple branches... expression of SP sp1.company.com must be:
expr { [mcget {session.server.network.name}] == "sp1.company.com" }

on each branch, add a SAML auth box with dedicated SAML SP profile.

abdessamad1 · Answer

I guess your F5 setup is playing the role of an IdP, but you have multipe IdP objects and want to use them depending on the SP.&nbsp;
In this case I would use an iRule that looks at the Referer header and select the correct IdP with the "WEBSSO::select" command.&nbsp;

Forum Discussion

Access Policy branch rule for multiple SP on same virtual server?

Recent Discussions

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

AS3 Limitations

Unable to install firmware OS and drop at 10%

Statistics ›› Analytics : HTTP : Overview

Related Content

Three Ways to Specify Multiple Ports on a Virtual Server

virtual server config

Check a Virtual Server's SSL Status

multiple certificate on one virtual server

Virtual Server graphical App for F5 LTM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS