Forum Discussion
NimbostratusSAML - LTM in front of SP
Hi Moeter
An approch would be to use SAML inline SSO check this https://techdocs.f5.com/en-us/bigip-16-0-0/big-ip-access-policy-manager-saml-configuration/config-apm-as-saml-idp-inline-sso.htmlBut It you want a simpler approach you could just create a Virtual Server for the SP itslelf
In this case just pointing ACS to Virtual Server IP would be enough. But dependign on the application itslef you might also need some persistence.If you want to have both IDP and SP under same Virtual Server you will have to disable Access Policy dor SP fqdn with some irule
The easiest way to troublshoot SAML asserions for me is though Browser plugin lik SAML-tracer plus logging on f5 itself.
NacreousHi Moeter
An approch would be to use SAML inline SSO check this https://techdocs.f5.com/en-us/bigip-16-0-0/big-ip-access-policy-manager-saml-configuration/config-apm-as-saml-idp-inline-sso.html
But It you want a simpler approach you could just create a Virtual Server for the SP itslelf
In this case just pointing ACS to Virtual Server IP would be enough. But dependign on the application itslef you might also need some persistence.
If you want to have both IDP and SP under same Virtual Server you will have to disable Access Policy dor SP fqdn with some irule
The easiest way to troublshoot SAML asserions for me is though Browser plugin lik SAML-tracer plus logging on f5 itself.
