For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

sravan_64_16558's avatar
sravan_64_16558
Icon for Nimbostratus rankNimbostratus
Aug 02, 2014

BIG IP as SP . Not Redirecting to IDP

Hi,

 

I'm very new to the F5 and trying to configure SAML SSO with BIG IP APM . I've created BIG-IP as SP and using a third party identity Provider. I followed all the steps as per the F5 APM document http://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-11-5-0/30.html?sr=38924417 . When i access the application(sample html page) deployed in backend webserver, i couldn't redirect to saml authentication page. Can anyone please helpme out on this

 

Thanks,

 

BIG-IP Access Policy Manager (APM)
security

2 Replies

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Aug 03, 2014

    The absolute simplest SAML SP configuration is simply this:

    start -> SAML Auth -> Allow (or Deny)

    Assuming you've properly configured the SP profile, imported the IdP's metadata as an External IdP Connecter, and then bound the External IdP Connector to the SP, there's not too much more too it. The client will contact the APM VIP, and the SAML Auth agent will redirect the client to the URL configured in the External IdP Connector. The client naturally needs to be able to resolve this URL. The very first thing I'd do is probably install the SAMLTracer agent in FireFox and test again. This plugin will show you exactly what the SAML traffic looks like (and potentially where it's failing).

  • kunjan's avatar
    kunjan
    Icon for Nimbostratus rankNimbostratus
    Aug 03, 2014

    ".. trying to configure SAML SSO with BIG IP APM "

     

    Just to add, SAML SSO is configured for BIG-IP as IdP.