Hi guys! I am trying to configure IdP and SP on my BigIP. I have no idea about this.I have answered the questions in the iApp/Application Services. I have answered all the questions but on the "Which SaaS application are you using?" I don't see my IdP as an option...just the Amazon and so on...pity!Do you have any clue where and especially how I configure the whole thing for IdP/SA, SAML ? thank you a million times!

Hi, maybe you should take one step at a time. Are you aware of the roles of IdP and SP in SAML? There are two parties involved in the process of SAML authentication, an identity provider (IdP) and a service provider (SP). IdP and SP mutually trust each other. The IdP performs the authentication (very often against some kind of User Directory like LDAP) and passes the user's identity (as well as information about the users role, authorization, an so on) in the form of a SAML authentication token, to the SP. The SP processes the token and gives the user access to the service, very often some kind of SaaS. Which role should your BIG-IP take? The role of the IdP or the SP, both? KRDaniel

Both roles are relevant for BigIP. Thank you for paying attention, Daniel.

Ok, I guess you're going through Guided Config and you get stuck there, right?Which BIG-IP version are you on? I will try go collect a couple of links to the appropriate documentation. I think to get a better understand and to use BIG-IP as SP und IdP a step-by-step guide might be a good starting point for you. Meanwhile check the Youtube channels of devcentral and Matthieu Dierick, F5. There can find some videos to get you some rough idea.

LEt me see, I run the version : 13.1.3.4

APM - Creation of IdP and SP for SAML

Daniel_Wolf
MVP
Feb 23, 2021
Hi,

maybe you should take one step at a time. Are you aware of the roles of IdP and SP in SAML?

There are two parties involved in the process of SAML authentication, an identity provider (IdP) and a service provider (SP). IdP and SP mutually trust each other.

The IdP performs the authentication (very often against some kind of User Directory like LDAP) and passes the user's identity (as well as information about the users role, authorization, an so on) in the form of a SAML authentication token, to the SP.

The SP processes the token and gives the user access to the service, very often some kind of SaaS.

Which role should your BIG-IP take? The role of the IdP or the SP, both?

KR
Daniel
joyride_us
Altostratus
Feb 24, 2021
Both roles are relevant for BigIP. Thank you for paying attention, Daniel.
- Daniel_Wolf
  MVP
  Feb 24, 2021
  Ok, I guess you're going through Guided Config and you get stuck there, right?
  Which BIG-IP version are you on? I will try go collect a couple of links to the appropriate documentation. I think to get a better understand and to use BIG-IP as SP und IdP a step-by-step guide might be a good starting point for you.
  
  Meanwhile check the Youtube channels of devcentral and Matthieu Dierick, F5. There can find some videos to get you some rough idea.
joyride_us
Altostratus
Feb 24, 2021
LEt me see, I run the version : 13.1.3.4
joyride_us
Altostratus
Feb 24, 2021
And thanks!
- Daniel_Wolf
  MVP
  Feb 24, 2021
  So check this out, for 13.1.3 there are two manuals with step by step guides and flowcharts how to configure APM as IdP and SP. Just follow these links:
  
  Using APM as a SAML Service Provider
  Using APM as a SAML IdP no SSO portal
  
  I hope that these can provide you the guidance you need.
joyride_us
Altostratus
Feb 25, 2021
Sure thing! Thanks!
Sajid
Cirrostratus
Feb 25, 2021
Few online F5 lab guides.
Lab 2: SAML Identity Provider (IdP) Lab¶
2. Lab 1: SAML Service Provider (SP) Lab¶
Lab 1: SAML Service Provider (SP) Lab¶

F5 APM Training as well having full chapter for SAML config (F5 as SP and IdP).

F5 Community Training & Labs
- joyride_us
  Altostratus
  Feb 25, 2021
  Thank you.

Forum Discussion

APM - Creation of IdP and SP for SAML

Recent Discussions

Http / https health monitor issue

F5-SDK Get GTM Pool Server, Virtual Server, Unused Objects, and JSON Conversion for Data Processing

F5 DNS Generic Host

How do I create a traffic log for two different route domains?

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Related Content

APM Cookbook: SAML IdP Chaining

APM Cookbook: AutoLaunch SAML Resources

APM SAML IdP - SP Issuer Extraction

APM as Saml IDP with many SP

AS3 Json for pool creation

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS