Forum Discussion
SAML, APM, and F5 in the middle
We have an internal OAM identity provider and a new external application that will act as the service provider. When users log in to this application, they will need to go through APM. I have been asked to build a solution whereby the OAM IdP will still handle the SAML federation with APM still in play.
Has anyone had to implement a solution similar to this? We are required to use the OAM IdP and the external SP, so my initial thought was to do something like the following:
- Set up an APM IdP to talk to the new app's SP
- Set up an APM SP to talk to the OAM IdP
- Set up the APM IdP to talk to the APM SP
I'm not sure if that would actually work, but due to the requirements, that's about the only way I thought it could be done.
Thoughts?
- youssef1
Cumulonimbus
Hi Tom,
So this kind of implementation is possible; I have already implemented it for several kinds of needs.
When you have authentication levels in different IdPs:
- IDP1 - Username/PWD
- IDP2 - OTP
I have applications that require authentication in IDP2 (OTP) and therefore go through IDP1.
In other cases I have an IdP cascade that redirects users to their correct IdP according to the email domain, for example...
What you want to do is a case study:
You have to deploy your configuration like this:
- You have your application that will be bound to your internal IdP hosted by F5.
- Create your IdP in F5 (your IdP will have an SSO profile for IdP and SAML Auth). The SAML Auth will be bound to your IdP (OAM IdP).
- Then you will have to bind your F5-IdP to the OAM IdP.
You will have to create these objects in F5:
- F5 as SP (application) if your application/auth is managed by F5.
- F5 as IdP (for your IdP F5).
- F5 as SP (for your IdP F5) that will be used to auth in the OAM IdP.
Then you have to set all bindings...
Let me know if you have a specific question or need more details.
regards
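As an added illustration (not code from the thread, from F5 APM or from OAM), the Python model below follows the three trust relationships described above: the app's SP trusts only the F5 IdP, the F5 SP trusts only the OAM IdP, and the F5 IdP mints a fresh assertion for the app instead of relaying the OAM one. The entity IDs, subject and timestamps are constructed placeholders.

```python
from dataclasses import dataclass
@dataclass
class Assertion:
    issuer: str            # entity ID of the IdP that issued it
    audience: str          # entity ID of the SP it is intended for
    subject: str
    not_on_or_after: int   # constructed epoch seconds

@dataclass
class SamlSp:
    """SP side: accepts assertions only from its single trusted IdP connector."""
    entity_id: str
    trusted_idp: str
    def validate(self, a: Assertion, now: int) -> str:
        if a.issuer != self.trusted_idp:
            raise ValueError(f"{self.entity_id}: untrusted issuer {a.issuer}")
        if a.audience != self.entity_id:
            raise ValueError(f"{self.entity_id}: audience {a.audience} is not us")
        if now >= a.not_on_or_after:
            raise ValueError(f"{self.entity_id}: assertion expired")
        return a.subject

@dataclass
class SamlIdp:
    """IdP side: issues assertions only for SPs it has a connector for."""
    entity_id: str
    sp_connectors: set
    lifetime: int = 300
    def issue(self, subject: str, audience: str, now: int) -> Assertion:
        if audience not in self.sp_connectors:
            raise ValueError(f"{self.entity_id}: no SP connector for {audience}")
        return Assertion(self.entity_id, audience, subject, now + self.lifetime)

def chained_login(oam_idp, f5_sp, f5_idp, app_sp, user, now):
    """OAM asserts to the F5 SP; the F5 IdP then mints a fresh assertion for the app."""
    subject = f5_sp.validate(oam_idp.issue(user, f5_sp.entity_id, now), now)
    return app_sp.validate(f5_idp.issue(subject, app_sp.entity_id, now), now)
def demo(now=1_700_000_000):
    """Constructed topology; every entity ID below is a placeholder, not a real name."""
    oam_idp = SamlIdp("https://oam.example/idp", {"https://f5.example/sp"})
    f5_sp = SamlSp("https://f5.example/sp", trusted_idp="https://oam.example/idp")
    f5_idp = SamlIdp("https://f5.example/idp", {"https://app.example/sp"})
    app_sp = SamlSp("https://app.example/sp", trusted_idp="https://f5.example/idp")
    user = chained_login(oam_idp, f5_sp, f5_idp, app_sp, "alice", now)
    try:  # the OAM assertion relayed straight to the app SP must be rejected
        app_sp.validate(oam_idp.issue("alice", f5_sp.entity_id, now), now)
        return user, False
    except ValueError:
        return user, True
```

demo() returns ("alice", True): the user reaches the app through both hops, and the upstream OAM assertion on its own is refused by the app SP because its issuer and audience belong to the F5 hop.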