Forum Discussion
APM combining SAML and AD to work together
- Mar 01, 2021
OK, let's break this down. You needed a chain from SAML auth to the AD logon via the Logon page. You inserted the username variable so that it could be displayed but broke the chain there - you showed it to the user but hadn't included it in the form to pass it on to the AD auth. Now you have included it in the form, it is passed on to the AD auth. You could have skipped the variable assign and populated the form field directly from the SAML auth but for debugging purposes it is good to include that step anyway. Hopefully that makes sense now.
How about if you just have a variable assign after the logon page which grabs the username directly from the saml assertion and overwrite the variable received from the logon page?
- jaolokontoFeb 26, 2021Altostratus
I wouldn't mind doing it like that however the point is we have to push into logon page some kind of information that SAML returned X as username so i figured out to do it like this:
user3 is username that i used to authenticate into saml. This is populated by using %username from Variable Assign block. For some reason if i just allow user to type his username into Logon Page (and it gets mapped to username variable) it works fine, but if i pass it like this it returns the error that "" failed. It seems to me that there is some extra mapping but i can't figure out how it works exactlly.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com