Forum Discussion
Michael_Koyfma1
Jan 27, 2016Cirrus
You have a couple of options in this scenario:
- Integrating SAML support into the application natively(some work there)
- Allowing access by extracting username from the HTTP header
The second one is typically much easier to implement. F5 can easily insert the username in the specific HTTP header, and the application can be modified to look for that header and extract user identity from it. This approach is used by many large enterprise Web Access Management solutions.
Optionally, you can also choose to encrypt the username using symmetric key encryption between the BIG-IP and your application, and you should also restrict traffic to the application to ensure it accepts it only from the IP address of the BIG-IP to avoid tampering with it and bypassing security.
Hope this helps.