Forum Discussion

wsantoso_131039
Aug 04, 2013

F5 APM and Azure Access Control Service

Hi there,

We are considering using F5 APM as an Identity Provider for our Azure ASP.Net application. I have been googling for material and samples on how to use F5 APM as an Identity Provider from Azure ACS but had no luck. Just wondering if someone has done it or knows of any resources on how to do it, or if it is even possible?

Thanks,

Willson

6 Replies

  • It should definitely be possible. I'm assuming your ASP.Net application is the relying party (RP) here? In any case, the key requirement is that the RP must be SAML 2.0 compliant. I would review the following three documents:

    http://support.f5.com/content/kb/en-us/products/big-ip_apm/manuals/product/apm-saml-configuration-11-4-0/_jcr_content/pdfAttach/download/file.res/BIG-IP_Access_Policy_Manager__SAML_Configuration.pdf

    http://msdn.microsoft.com/en-us/library/hh446535.aspx

    http://www.windowsazure.com/en-us/develop/net/how-to-guides/access-control/

  • Thanks Kevin.

    In my scenario the relying party for APM will actually be the Windows Azure Access Control Service (ACS), and my ASP.Net application will be the RP for ACS. My main concern with the scenario is that ACS supports SAML tokens over the WS-Federation protocol but not the SAML protocol. Can F5 APM be configured as an IdP over the WS-Federation protocol?

    Regards,

    Willson
  • Everything I'm reading suggests that ACS supports ADFSv2, which would be SAML 2.0 compliant.
  • Thanks again Kevin. Unfortunately ACS only supports ADFSv2 using the WS-Federation protocol, not the SAML protocol.

    Not sure if I am allowed to link to another forum, but here is one of the recent discussions on that topic, which was answered by an Azure MVP with relevant links to MS resources to back his answers.

    http://social.msdn.microsoft.com/Forums/windowsazure/en-US/687be21f-c14f-407f-903a-31f98e0985e3/acsv2-federation-with-adfs-20-using-saml20-protocol
  • Going off the deep end a little, but have you looked at the "developer preview" per Edit 2 in the above reference?
  • Unfortunately, the SAML protocol support in preview is only for using ACS as a SAML provider to provide SSO to SAML-compliant applications. It's not for ACS to connect to SAML-P identity providers.