For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

wogo1905_288591's avatar
wogo1905_288591
Icon for Nimbostratus rankNimbostratus
Feb 15, 2018

Azure AD SAML

Hi guys, I have got concern related with SAML SSO on F5. I have got below Access policy:   START -> Logon Page -> SAML Auth (Azure AD) -> Advanced Resource Assign.   In portal access link I hav...
BIG-IP Access Policy Manager (APM)
security
Daniel_Varela's avatar
Daniel_Varela
Icon for Employee rankEmployee
Feb 16, 2018

If you are using SAML SP then you have two options: - If your backend servers support kerberos then you can configure Kerberos SSO. - You IDP can send you the user password encrypted in a SAML attribute. Then you can use any SSO options available in APM.

 

This is because SAML SP will just validate the assertion coming from the IDP but there is no password there by default. If there is no password your only option is Kerberos (by using Kerberos Constrained Delegation)

 

Have a look to the APM operation guide, there are some examples on how to configure SSO: https://support.f5.com/content/kb/en-us/products/big-ip_apm/manuals/product/f5-apm-operations-guide/_jcr_content/pdfAttach/download/file.res/f5-apm-operations-guide.pdf