For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

D__Yutzy_151141's avatar
D__Yutzy_151141
Icon for Nimbostratus rankNimbostratus
May 30, 2014

Best Practice for SAML, F5

I currently have a situation where the team as designed the following for SAML:   Active/Passive If server A goes dead, server B becomes active. When server A comes back online, I now have an act...
design
security
R_Eastman_13667's avatar
R_Eastman_13667
Historic F5 Account
May 30, 2014

I think that you should probably have both active at all times and configure your pool load balancing to use both based on your requirements. If one node in the pool goes down, traffic will be routed to the remaining active node in the pool. Any connections to the inactive node when it failed will be routed to the active node in which users will have to re-authenticate with the SAML IdP. When the inactive node comes back online, it will be available for new connections. Existing connections to the active node will continue.