gpisciotta_3362
Sep 21, 2017 · Nimbostratus
Global profile, shared auth and IdP initiated SAML
I am fighting a problem with IdP initiated SAML on the F5. The scenario is this: a user logs into a website through APM, generating an active APM session. The user then clicks a link sending them to the VIP being used for IdP initiated SAML without the webtop. The access policy in the IdP SAML APM profile does not run at all, preventing the assertion from being generated and the user being redirected to the vendor site.
The SAML VIP and policy work as desired when accessed directly and no preexisting session is present. SP initiated SAML works fine with the above scenario.
All relevant APM profiles are using global scope and have the same domain cookie configured.
TMOS is v12.0.0 HF1
I'm sure someone else has done something like this...