Forum Discussion

Nimbostratus

Nov 17, 2015

Diferent Policies Bracnhes based on SAML request

Hi, I would like to have an idp for a multiple SP (Sp1, and SP2) . The connection is SP initiated to the idp. For security reasons SP1 and SP2 need diferents policies to verify the user.. I...

application delivery

BIG-IP Access Policy Manager (APM)

idp

saml

Manel_Mendoza_1

Nimbostratus

Nov 18, 2015

Hi Michael,

I will put an example.

App1: url: app1.provider.com ==> Very confidential APP. Need a SAML tiquet with atribute "security level = hight" App2: url: app2.provider.com ==> Very low confidencial APP. Need a SAML tiquet with atribute "security level = low" ...

Both need a saml tiquet, and both redirects to the same idp to obtain it, but on the policy of the F5 when the PrivederName= APP1 the policy would request 2 factor autentication . On the other hand, when the idp detects that the providename = APP2, only with username or password is enought.

This is the reason why we need to branch the policy on the idp based on SAML request PrivederName.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)