Forum Discussion

Nimbostratus

Oct 02, 2013

F5 APM and external authentication

Hi all, I am researching the possibility to include authentication and SSO of external users in a F5 APM/LTM solution. I have so far found support of SAML 2.0 in APM, but there are so few sites ...

Azure

BIG-IP Access Policy Manager (APM)

Employee

Oct 02, 2013

You are correct, most of the social media vendors support SAML for access to their own applications (using a third-party IdP). You can use APM SAML as an IdP for Google, Facebook, and Salesforce. As for the IdP itself, it really depends on where the users are.

I highly recommend this (free) book from Microsoft (A Guide to Claims-based Identity and Access Control, Second Edition) as an excellent primer:

http://www.microsoft.com/en-us/download/details.aspx?id=28362

It talks about using Azure ACS as a connector to Facebook and others (which do actually assert claims) for social media authentication. Here's another interesting stackoverflow post that points to API references for various "social login" options.

http://stackoverflow.com/questions/6235735/how-to-add-social-login-services-from-google-facebook-yahoo-etc-to-my-website

Now, to tie this all back to F5 APM, you still need a connector like ACS for protocol transformation, which then asserts a claim back to your APM SP, or optionally to your APM IdP as a relying party (for additional claims assertion) before forwarding to the SP.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)