Forum Discussion
Howto extract SAML NameID from AuthnRequest
Since SP and IDP sessions are totally different and independent of each other, it would need custom rules built to extract the user. I have not seen that implemented in many places. We will keep the forum open for others to provide any inputs if there is any easy way to extract this.
On a separate note, how about modifying the page at the SP end to omit the field for user and just have a sign in button, which will redirect the user to the IDP, and the user would have to put it in only once on the IDP page? I know this isn't an ideal option but just thinking out loud.
Hi SanjayP,
I have an example for an SP, the Adobe Cloud.
It is handled the same way as the Microsoft Auth Page: you need to first specify a NameID (first.last@domain.com), and then the Authenticator recognizes the @domain.com and redirects to the IdP.
Documentation from Adobe: https://helpx.adobe.com/enterprise/using/set-up-identity.html#set-up-directory
So how is it supposed to work when we have a button on this logon page?
So we have for every organization buttons on the logon page then?
I think this will not scale.
Do you understand now what hpr means?
In this example:
Open adobe.com logon page -> Enter first.last@domain.com -> Adobe does the redirect to the IdP for @domain.com.
What you mean is the way it is done with OAuth 2.0/OIDC, where the big players like google/github/twitter etc. have buttons for login.
In SAML it is solved differently, see the manual above from Adobe.
I hope this helps to enlighten the question above a little bit.
Thanks,
Peter
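
The extraction the thread asks about, as an added example that is not from any poster and is not F5 code: it decodes a `SAMLRequest` sent with the HTTP-Redirect binding (base64 over raw DEFLATE) and reads the optional `<saml:Subject>/<saml:NameID>` the SP may include. The endpoints and the sample request are constructed, and the sketch assumes the SP actually sends a Subject.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote, urlsplit

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
MAX_XML = 64 * 1024  # cap on inflated size, guards against deflate bombs


def decode_redirect_request(url):
    """Return the AuthnRequest XML carried in an HTTP-Redirect binding URL."""
    query = parse_qs(urlsplit(url).query)
    raw = base64.b64decode(query["SAMLRequest"][0], validate=True)
    inflater = zlib.decompressobj(-15)  # raw DEFLATE, no zlib header
    xml = inflater.decompress(raw, MAX_XML + 1)
    if len(xml) > MAX_XML or inflater.unconsumed_tail:
        raise ValueError("AuthnRequest too large")
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD not allowed in SAML messages")
    return xml


def nameid_hint(xml):
    """Return (NameID, Format) from the request's Subject, or None if absent."""
    root = ET.fromstring(xml)
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        raise ValueError("not an AuthnRequest")
    node = root.find("saml:Subject/saml:NameID", NS)
    if node is None or not (node.text or "").strip():
        return None  # most SPs omit Subject; fall back to the IdP logon form
    return node.text.strip(), node.get("Format")


def build_sample_url(subject_xml):
    """Constructed sample: an SP redirect to a hypothetical IdP endpoint."""
    xml = (
        '<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_a1" '
        'Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
        "<saml:Issuer>https://sp.example.com</saml:Issuer>%s"
        "</samlp:AuthnRequest>" % (NS["samlp"], NS["saml"], subject_xml)
    ).encode()
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml) + comp.flush()
    return "https://idp.example.com/saml/sso?SAMLRequest=" + quote(base64.b64encode(deflated))
```

The returned NameID is only a hint supplied through the browser: unless the AuthnRequest signature has been verified, use it to pre-fill the username field on the IdP logon page and still require the user to authenticate.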