Forum Discussion

Cirrus

Jan 20, 2020

ADFS Proxy without password

Hello! When a SP-initiated federation is initiated and the user gets to BIGIP APM you normally use a Logon page and send their credentails to ADFS with a "forms client initiated SSO". Bu...

application delivery

BIG-IP

BIG-IP Access Policy Manager (APM)

Johan_Lång
Feb 05, 2020
I figured it out. You need to configure a new claims provider (in this case BankID) and make it available to the RPs. Then you need to make BIGIP to choose wether to use the new CP or Active directory with an iRule.

Leonardo_Souza

Cirrocumulus

Encrypt the SAML assertion (as it will be in the person browser), and pass the password as attributes in the SAML.

Extract the SAML attribute and add the value to the password variable in APM.

Johan_Lång

Cirrus

Jan 21, 2020

But there is no password to encrypt? The external idp only provices us with a "personal identity number" in the saml. Neither does these users has any account in our AD.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

ADFS Proxy without password

Recent Discussions

SSL bridging without SSL proxy forward

Client SSL Profile set to Require Client Certificate breaks RDP in APM

TS Declarations for DNS

APM file and registry key date check 8 days old

Should config via cli rather than gui?

Related Content

Password Safety & Security: Passwords vs. Passphrases

Automate scp transfers using password

Proxy Protocol v2 Initiator

Integrating SSL Orchestrator with McAfee Web Gateway-Transparent Proxy

Ansible module to update BIG-IP root/admin passwords

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS