Forum Discussion
APM server SSO with SAML
I have a mobile application that can only authenticate users via SAML -- not Kerberos or trusted HTTP headers. I want to protect it behind APM, with an access policy to pre-authenticate the user before granting access to the application, like this:
Client --> [SAML] --> F5 APM --> [SAML] --> Server
I am able to use APM to pre-authenticate the client with SAML. Following pre-authentication, how can I send the user's SAML claim to the server, so the user is authenticated to the application? There does not seem to be a SAML SSO.
In the absence of a SAML SSO, is there a way to "capture and replay" the user's SAML POST to the server, and then return the application authentication cookie back to the user in addition to the APM session cookie?
Thank you for your help!
4 Replies
- Walter_Kacynski
Cirrostratus
Can you set the ACS URL to that of the VIP/Backend server so that the client POSTs the SAMLResponse to the backend?
- Daphne_Won
Ret. Employee
Can you tell me which backend application it is trying to access?
- Hi Daphne -- the backend application is SAP Netweaver Gateway hosting the SAP Fiori web applications. Although Fiori also supports Kerberos, this requires additional licensing (SAP SSO), so we had wanted to use SAML.
- amolari
Cirrostratus
Hi, I have exactly the same requirement and application. Any concrete answer from F5, 2 years later? Thank you
Alex