
Aug 14, 2014

APM as SP, SAML nameId policy options

Dear sirs (or anybody reading),

We are using the F5 APM as an SP with an external IdP (actually, we do authentication bridging: APP -> F5 IdP -> external IdP). As a service provider, the exported metadata states that the NameID format is "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", and the SAML AuthnRequest doesn't contain any NameID format statement (which is correct and valid).

The problem is that the external IdP claims to support only the 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient' NameID policy.

Is there a way to configure the NameID policy as an SP? (I don't think so, but I'll ask, as there are plenty of features not available via the web GUI.) Still, I believe the F5 will consume any returned SAML identity assertion (e.g. transient or others).

Best regards,
Gabriel

3 Replies

  • A little bit of testing revealed that F5 APM will consume other SAML Response NameID policies. Therefore we will try to modify the metadata XML provided to the IdP to say that F5 will consume the transient NameID, and hopefully we all will be happy.
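
The following is an added example, not code from the original thread or from F5, covering the setup in the question and the workaround in the reply above: an SP AuthnRequest built with and without a NameIDPolicy, SP metadata rewritten to advertise a different NameIDFormat, and a check on the NameID Format the IdP actually returned. It uses only Python's standard library; the entity IDs, URLs, sample metadata and sample Response are constructed for illustration and are not taken from any real deployment.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"


def _q(prefix, tag):
    """Clark-notation tag name for ElementTree."""
    return "{%s}%s" % (NS[prefix], tag)


def build_authn_request(issuer, acs_url, destination, nameid_format=None):
    """Build an SP AuthnRequest. NameIDPolicy is optional in SAML 2.0, so it is
    only emitted when a format is requested; omitting it (as the F5 in the post
    does) leaves the choice of NameID format to the IdP."""
    req = ET.Element(_q("samlp", "AuthnRequest"), {
        "ID": "_" + uuid.uuid4().hex,
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": destination,
        "AssertionConsumerServiceURL": acs_url,
        "ProtocolBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    })
    ET.SubElement(req, _q("saml", "Issuer")).text = issuer
    if nameid_format:
        ET.SubElement(req, _q("samlp", "NameIDPolicy"),
                      {"Format": nameid_format, "AllowCreate": "true"})
    return ET.tostring(req, encoding="utf-8")


def get_nameid_policy_format(authn_request_xml):
    """Return the requested NameIDPolicy Format, or None if the request has none."""
    policy = ET.fromstring(authn_request_xml).find("samlp:NameIDPolicy", NS)
    return None if policy is None else policy.get("Format")


def set_metadata_nameid_format(sp_metadata_xml, new_format):
    """Rewrite the md:NameIDFormat advertised in SP metadata (the workaround from
    the reply). If none is present, one is inserted before the first
    AssertionConsumerService, which is where the metadata schema places it."""
    root = ET.fromstring(sp_metadata_xml)
    sso = root.find("md:SPSSODescriptor", NS)
    if sso is None:
        raise ValueError("metadata has no SPSSODescriptor")
    formats = sso.findall("md:NameIDFormat", NS)
    if formats:
        for el in formats:
            el.text = new_format
    else:
        children = list(sso)
        idx = next((i for i, c in enumerate(children)
                    if c.tag == _q("md", "AssertionConsumerService")), len(children))
        el = ET.Element(_q("md", "NameIDFormat"))
        el.text = new_format
        sso.insert(idx, el)
    return ET.tostring(root, encoding="utf-8")


def assertion_nameid(response_xml, accepted_formats):
    """Return (format, value) of the Assertion's Subject NameID, rejecting formats
    the SP is not prepared to handle. Signature and Conditions checks are out of
    scope here and must happen before anything in the Response is trusted."""
    nameid = ET.fromstring(response_xml).find(
        "saml:Assertion/saml:Subject/saml:NameID", NS)
    if nameid is None:
        raise ValueError("Assertion has no Subject/NameID")
    fmt = nameid.get("Format", UNSPECIFIED)  # an absent Format is treated as unspecified
    if fmt not in accepted_formats:
        raise ValueError("unexpected NameID Format: %s" % fmt)
    return fmt, nameid.text


# Constructed sample SP metadata advertising the unspecified format, as in the post.
SAMPLE_SP_METADATA = b"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.com/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed sample Response from an IdP that issues transient NameIDs only.
SAMPLE_RESPONSE = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
    IssueInstant="2014-08-14T10:00:00Z" Destination="https://sp.example.com/saml/acs">
  <saml:Issuer>https://idp.example.org/idp</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2014-08-14T10:00:00Z">
    <saml:Issuer>https://idp.example.org/idp</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_7f3c9e2a</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(build_authn_request("https://sp.example.com/saml", "https://sp.example.com/saml/acs",
                              "https://idp.example.org/sso", TRANSIENT).decode())
    print(set_metadata_nameid_format(SAMPLE_SP_METADATA, TRANSIENT).decode())
    print(assertion_nameid(SAMPLE_RESPONSE, {TRANSIENT}))
```

Two caveats a practitioner should keep in mind. Editing the metadata only changes what the SP advertises; the IdP still decides what it puts in the Assertion, so the check on the returned Format is what actually protects the SP from a NameID it cannot use. And a transient NameID is, by definition, an opaque per-session handle that must not be used to correlate a user across sessions: with such an IdP the SP has to key user identity on attributes in the Assertion (after verifying the Response signature), not on the NameID value.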


  • News? Are there any developments with respect to version 11.6 HF5? Is it possible to support other NameID Formats in a SAML AuthnRequest, other than urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified, for example:

    https://sp.example.com/SAML2

    Or is this known to be on any F5 roadmap?

    Thanks,


  • This function will be available in F5 APM v12! I tested a beta and it works!