APM combining SAML and AD to work together
- Mar 01, 2021
No, there was no username field at all, just passing the variable from the "assign variable" block.
I changed the logon portal to this: This results in the user field being populated from the "assign variable" block and ends with successful authentication. I do not understand why the previous config was not working; in the end the "username" variable stays the same, but for some reason it needs to be enforced by the logon page.
OK, let's break this down. You needed a chain from SAML auth to the AD logon via the Logon page. You inserted the username variable so that it could be displayed but broke the chain there - you showed it to the user but hadn't included it in the form to pass it on to the AD auth. Now you have included it in the form, it is passed on to the AD auth. You could have skipped the variable assign and populated the form field directly from the SAML auth but for debugging purposes it is good to include that step anyway. Hopefully that makes sense now.