
phl110_191286
Mar 09, 2015

APM as SAML Service Provider- SP Initiated External Login Page

We are trying to set up APM to act as a SAML SP. The way our environment works is that the SP redirects to the IDP for the authentication. The IDP presents a login page for the user to auth against. However, according to the documentation here, I need to configure a logon page on the APM workflow itself.

 

https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-saml-config-guide-11-3-0/4.html

 

Our ultimate goal is to move VMware Horizon/Citrix Gateway/Microsoft OWA/SharePoint/etc. behind F5. Configure APM to act as a SAML SP to redirect to our external IDP (Shibboleth). User then logs into Shibboleth via our enterprise login page. Shibboleth redirects the user back to APM, and APM passes the user info into VMware. We are planning on only using 1 External IDP. Perhaps I'm reading the documentation wrong, but has anyone set up APM as a SAML SP where APM redirects the user to the IDP's logon page as opposed to configuring a logon page within F5 itself?

 

2 Replies

  • I think that part of the documentation is just explanation for general SP setup if you want an F5 login page and then the SAML auth based on the credentials entered there. As you move down the page on that documentation and build out the connectors, you should also see the alternate method for setting up the Access Policy in the VPE. That one may work for what you're trying to do.

     

  • Thanks Michael! I was able to get it working. Looked like it was an issue trying to sign the request.