Forum Discussion

Juraj_314736's avatar
Icon for Nimbostratus rankNimbostratus
Jan 28, 2019

F5 SAML SP for a portion of a website

Let's say I have the following setup:

  • a website called
  • an access policy called
    with SAML Auth

If I assign the

access policy to
VIP, the entire
becomes Service Provider (SP) and is protected by SAML Auth.

Can I, and if yes then how, place only a portion of the website, i.e. a selected list of HTTP Paths/URIs behind SAML Auth, instead of the entire website?

I.e. if
then SAML Auth, otherwise no restrictions.

Just from top of my head, I was thinking about placing an iRule Event in front of SAML Auth; and inside iRule do the filtering of which HTTP Paths/URIs I want to send to SAML for authentication, and which ones just straight to the back-end servers without any authentication:

However, I don't know whether this is the best approach to address my problem, or there is a better more elegant solution.

Any ideas, suggestions, recommendations to address this are much appreciated.