Forum Discussion

Altostratus

Aug 02, 2015

Is there a way in iRules to modify which IDP profile the APM selects?

Is there any way to modify how the APM matches an SP to an IDP configuration? I know normally it looks at the Issuer ID that the SP sends and uses that to match an SP configuration, which is in turn ...

application delivery

BIG-IP Access Policy Manager (APM)

Cumulonimbus

Aug 04, 2015

As AlgebraicMirror explained, this is BigIP as IdP SSO, not SAML auth which is used in BigIP as SP.

AlgebraicMirror, do you have sample SAML Authentication request look like in your case? The sample I see from MS looks like as follows

https://msdn.microsoft.com/en-us/library/azure/dn641269.aspx


  urn:federation:MicrosoftOnline

AlgebraicMirror

Altostratus

Aug 04, 2015

Actually, yeah, that's basically just what it looks like. They all come in with that "urn:federation:MicrosoftOnline" Issuer ID, regardless of which domain sends them. ADFS tells them apart because Microsoft coded it t o look at the nameid field, and if the user is "user@example.com", ADFS knows it's for the example.com domain.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)