Forum Discussion
APM SAML
Hello DevCentral Community,
I'm trying to configure an SSO-based APM service that uses SAML with BIG-IP as IdP.
I can't figure out why, when I try to access the logon page of the web service (it includes an iframe with the APM logon page), it starts an HTTP POST to the following resource: https://mysite.it/saml/idp/profile/redirectorpost/sso. The form data contains the SAMLRequest with the base64 text, and after that the BIG-IP answers the client's HTTP POST with an HTTP 302 redirect pointing at /my.policy, so the client is not able to insert the credentials and authenticate through the iframe. I can't figure out why the F5 gives me a 302 redirect. I'd expect the user to "land" on the logon page (SAML authentication is transparent) and then log in after the logon button.
If I try to point directly to the VS IP address (I can see only the iframe with the login form), it works; the authentication works fine.
I also tried to apply the following iRule:
    when CLIENT_ACCEPTED {
        # When we accept a connection, create an Access session and save the session ID.
        set flow_sid [ACCESS::session create -timeout 600 -lifetime 3600]
    }
    when HTTP_REQUEST {
        # Evaluate the per-session policy only for the SAML IdP SSO endpoint.
        if { [HTTP::uri] contains "/saml/idp/profile/redirectorpost/sso" } {
            ACCESS::policy evaluate -sid $flow_sid -profile /Common/iframe_sso
        }
    }
Please, can you help me?
Thanks in advance,
Best Regards,
M.
2 Replies
The 302 redirect is normal APM behaviour.
I'm not sure if you can run APM in an iframe and get that to work.
The usual flow is: you visit the SP (your web site), it redirects you to the IdP (F5), there you provide your credentials, then you go back to the SP and have access.
What are you doing differently?
Yeah, trying to go to /my.policy directly might help, but I think you will get other issues, as there is no cookie yet, so the APM will redirect you anyway.
To be honest, I'm not sure if what you are trying to do is supported. If you have a support contract, I would use it to make sure before spending lots of time on something that might not work, or isn't supported.
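When debugging the flow discussed in this thread, it helps to see what the SP actually placed in the SAMLRequest form field that is POSTed to the IdP endpoint. The following is an added example, not code from the posters or from F5: it decodes a SAMLRequest for the HTTP-POST binding (and, going beyond the thread's case, the HTTP-Redirect binding); the SP URLs, request ID and timestamp in the sample are constructed.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
MAX_XML = 64 * 1024  # refuse oversized or over-inflated input

def decode_saml_request(value, binding="post"):
    """Decode an already form/URL-decoded SAMLRequest value into its key fields."""
    raw = base64.b64decode("".join(value.split()), validate=True)
    if binding == "redirect":
        # HTTP-Redirect binding: raw DEFLATE (no zlib header) applied before base64.
        raw = zlib.decompressobj(-15).decompress(raw, MAX_XML + 1)
    if len(raw) > MAX_XML:
        raise ValueError("SAMLRequest too large")
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD not allowed in a SAML message")
    root = ET.fromstring(raw)
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        raise ValueError("not an AuthnRequest: " + root.tag)
    issuer = root.find("{%s}Issuer" % SAML)
    return {
        "id": root.get("ID"),
        "issuer": issuer.text.strip() if issuer is not None and issuer.text else None,
        "destination": root.get("Destination"),  # should be the IdP SSO URL
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "protocol_binding": root.get("ProtocolBinding"),
        "issue_instant": root.get("IssueInstant"),
    }

# Constructed sample AuthnRequest; only the Destination URL comes from the thread.
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" '
    'ID="_constructed123" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
    'Destination="https://mysite.it/saml/idp/profile/redirectorpost/sso" '
    'AssertionConsumerServiceURL="https://sp.example.test/saml/acs" '
    'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
    '<saml:Issuer>https://sp.example.test/metadata</saml:Issuer>'
    '</samlp:AuthnRequest>' % (SAMLP, SAML)
).encode()
SAMPLE_POST = base64.b64encode(SAMPLE_XML).decode()

if __name__ == "__main__":
    for field, val in decode_saml_request(SAMPLE_POST).items():
        print(f"{field:17} {val}")
```

Copy the SAMLRequest value from the browser's network tab (form data of the POST) and pass it to `decode_saml_request` to compare the Issuer, Destination and ACS URL with what is configured on the IdP side.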