Azure AD SAML

Question

Hi guys,
I have got concern related with SAML SSO on F5. I have got below Access policy:&nbsp;
START -&gt; Logon Page -&gt; SAML Auth (Azure AD) -&gt; Advanced Resource Assign.&nbsp;
In portal access link I have got application which uses Azure AD as well. Please could you advice how I can set up SSO for it? &nbsp;

daniel_varela · Answer

If you are using SAML SP then you have two options: 
    - If your backend servers support kerberos then you can configure Kerberos SSO.
    - You IDP can send you the user password encrypted in a SAML attribute. Then you can use any SSO options available in APM.&nbsp;
This is because SAML SP will just validate the assertion coming from the IDP but there is no password there by default. If there is no password your only option is Kerberos (by using Kerberos Constrained Delegation)&nbsp;
Have a look to the APM operation guide, there are some examples on how to configure SSO: https://support.f5.com/content/kb/en-us/products/big-ip_apm/manuals/product/f5-apm-operations-guide/_jcr_content/pdfAttach/download/file.res/f5-apm-operations-guide.pdf&nbsp;

Forum Discussion

Azure AD SAML

Recent Discussions

ppp TunnelStats: LCP_UNKNOWN_OPTIONS 1,LCP_PROTO_REJ 1,FSM_UNEXPECTED_DOWN 1,

How to Renew F5 Device Certificate

F5 ASM CEF Sending Logs in Specific TimeZone

F5 looses the token for the first call

feature request: container egress service

Related Content

Bypass Azure Login Page by adding a login hint in the SAML Request

NGINXaaS for Azure: Azure Key Vault

Yubikey Authentication Modes and Azure AD integration via the APM

BIG-IP Telemetry Streaming to Azure

Leverage F5 BIG-IP APM and Azure AD Conditional Access Easy button

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS