Forum Discussion
iRule for Shibboleth integration
Hi iRules
I have a requirement to be able to rewrite a URL for Shibboleth integration, but it has to be based upon server availability.
For instance:
If the Apache/Shibboleth instance is up and running, then rewrite the URL to include the Shibboleth login; else don't rewrite.
Is that possible?
TIA
Can you please give us a bit more requirements here? What exactly are you using Shibboleth for here? Are you load-balancing it with the BIG-IP? Did you know that you can potentially eliminate Shibboleth from the equation here by leveraging the SAML capabilities of the BIG-IP Access Policy Manager?
- tolysky_112709 (Nimbostratus)
I know that the APM module can replace the Shibboleth SP, but the company doesn't have a budget for that yet. Shibboleth is fronted with F5 LTM (load balancing and SSL offload). Shibboleth is integrated with Blackboard Learning System for authentication. The problem is that lecturers post links to student subjects deep within Blackboard, and these links don't reference Shibboleth. The iRule would need to be placed on the F5 to intercept these requests and route them to Shibboleth for authentication.
Hope this makes sense.
- Kevin_Stewart (Employee)
Let's dig a little deeper into how all of this is configured, if possible.
- How do users normally authenticate?
- Is it SP-initiated (user goes to Blackboard, is redirected to Shib to auth, and then gets sent back with an identity assertion)? If so, do internal Blackboard links not automatically trigger a SAML negotiation if a session token isn't presented?
- Is it IdP-initiated (user goes to Shib first to auth and then gets forwarded to Blackboard with identity assertion)?
- What do these lecturer-derived links look like?

- tolysky_112709 (Nimbostratus)
The problem is that not every LMS user resides in the LDAP. There are some users who only exist in the local LMS database. So we left two doors to the LMS system: default and Shibboleth. For most of the users, it's a portal where they start and log in. After that, the email and LMS are single sign-on. But as I mentioned above, there is a default login for users who are not in the LDAP. Hope it does make sense :)