Global profile, shared auth and idp initiated saml

Question

I am fighting a problem with idp initiated SAML on the F5. The scenario is this:
use logs into a website through APM generating an active APM session.
The user then clicks a link sending them to the VIP being used for idp initiated SAML without the webtop. The access policy in the idp SAML APM profile does not run at all, preventing the assertion from being generated and the user being redirected to the vendor site.&nbsp;
The SAML VIP and policy work as desired when accessed directly and no preexisting session is present. SP initialed SAML works fine with the above scenario.&nbsp;
all relevant APM profiles are using global scope and have the same domain cookie configured.&nbsp;
TMOS is v12.0.0 HF1&nbsp;
I'm sure someone else has done something like this...&nbsp;

gpisciotta_3362 · Answer

The way I was attacking this would never work due to how the APM handles IDP initiated SAML. However,this was resolved. Thanks Graham, Chris and Marc @F5.&nbsp;

Forum Discussion

Global profile, shared auth and idp initiated saml

Recent Discussions

F5 BOT DEFENSE AWAF blocked some legitimate browsers

Advice to partial rename uri path

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Submenus missing in ASM Security Tab

XC Bot defense question

Related Content

Proxy Protocol v2 Initiator

LTM Diameter iRules and Profile Configurations with Support for Server Initiated Request

F5 Distributed Cloud (XC) Global Applications Load Balancing in Cisco ACI

Global Log Receiver

F5 Distributed Cloud and Amazon FSx for NetApp ONTAP - Global Replication and Anywhere Access

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS