F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

sundogbrew's avatar
sundogbrew
Icon for Altocumulus rankAltocumulus
Jun 07, 2018

APM SAML help...

Let me start with I am new to both APM and SAML. I am running 12.1.2. I setup an access policy to allow or block access to a website using local users and it works fine, so I think I am good with t...
BIG-IP
BIG-IP Access Policy Manager (APM)
security
sundogbrew's avatar
sundogbrew
Icon for Altocumulus rankAltocumulus
Jun 08, 2018

OK, I got a little farther today. It seems like a lot of what I asked before is working. It redirects to our master login page and authenticates and then redirects back and stops there.

 

So I am wondering if anyone can help me with this part now. I setup the F5 as an SP, we will call that F5sp.x.edu and then I setup test.x.edu as my test VIP. My policy says start->SAML auth-> success or fail... I added that to test.x.edu. When the IdP authenticates it sends me back to F5sp.x.edu, should it return to there and then that knows to return you to test.x.edu or should the IdP return to test.x.edu? I thought I saw somewhere where that was in the settings that you could set up a different return. Then you need a different IdP for each app that you use this for?

 

in my logs I get

 

/Common/F5-As-SAML-SP:Common:6fd8d6c7: Received User-Agent header: Mozilla%2f5.0%20(X11%3b%20Ubuntu%3b%20Linux%20x86_64%3b%20rv%3a60.0)%20Gecko%2f20100101%20Firefox%2f60.0.

 

and then

 

/Common/F5-As-SAML-SP:Common:6fd8d6c7: New session from client IP 1.1.1.1 (ST=actualplace/CC=US/C=NA) at VIP 2.2.2.2 Listener /Common/test.x.edu (Reputation=Unknown)

 

Thanks Joe