For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

gpracer69's avatar
gpracer69
Icon for Nimbostratus rankNimbostratus
Jan 18, 2017

Need help filling in the missing pieces for my SAML SP to LDAP Query scenario.

Let me start off by saying that I am pretty new to administering the F5 APM and F5 technology in general. With that being said here is what I'm trying to accomplish:   I am trying to set up a new ...
BIG-IP Access Policy Manager (APM)
security
Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Apr 27, 2017

Hi,

In my ADFS / F5 APM configuration, I use User-Principal-Name LDAP attribute for Name ID outgoing claim.

Then, in LDAP (or AD) Query, use the following filter :

(userPrincipalName=%{session.saml.last.identity})

You can then assign 

session.ad.last.attr.sAMAccountName
to 
session.logon.last.username
and
session.logon.last.logonname