F5 SAML SP for a portion of a website

Question

Let's say I have the following setup:
a website called test.example.coman access policy called test_apol with SAML Auth

If I assign the test_apol access policy to test.example.com VIP, the entire test.example.com becomes Service Provider (SP) and is protected by SAML Auth.
Can I, and if yes then how, place only a portion of the website, i.e. a selected list of HTTP Paths/URIs behind SAML Auth, instead of the entire website?
I.e. if test.example.com/private then SAML Auth, otherwise no restrictions.
Just from top of my head, I was thinking about placing an iRule Event in front of SAML Auth; and inside iRule do the filtering of which HTTP Paths/URIs I want to send to SAML for authentication, and which ones just straight to the back-end servers without any authentication:

However, I don't know whether this is the best approach to address my problem, or there is a better more elegant solution.
Any ideas, suggestions, recommendations to address this are much appreciated.

niels_van_sluis · Answer

You can use the ACCESS::enable and ACCESS::disable to disable or enable the access policy for some parts of the website. Check out the article below: 
https://devcentral.f5.com/wiki/iRules.ACCESS__enable.ashx

Forum Discussion

F5 SAML SP for a portion of a website

Recent Discussions

TS Declarations for DNS

APM file and registry key date check 8 days old

SSL bridging without SSL proxy forward

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Related Content

Troubeshooting website connection

Enable SAML Service Provider on F5 Distributed Cloud Application

Fake website, Gmail guideline, GPS spoofing, OWASP LLM, Jan 1st–5th F5SIRT This Week in Security

F5 Websites Accessibility Survey

Release Notes: DevCentral Website

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS