Forum Discussion
SAML artifact binding howto
as pointed out in several posts in the past, version 11.6 brings SAML artifact binding to the BIG-IP.
this is great, but has anyone got this working? i'm trying but getting stuck and the documentation is quite limited.
i assume i need to create an "artifact resolution service", but on which virtual server do i configure this? the same as the SP? or a separate one?
and i will need to configure this also in the IdP so it knows where to send the artifact, what do i configure there, is enough or is some specific path needed like with the SP ID?
and then the host and port, the documentation mentions the port is default 80, mine was on 443 i believe. but does this mean my virtual server has to also listen on that port or is an extra port opened?
5 Replies
- kunjan
Nimbostratus
You may want to verify if the signature method used is rsa-sha1 for the assertion signing.
- i don't sign the assertion at all currently, only the artifact response. why would it have to be rsa-sha1? i recall reading rsa-sha-256 is the advised minimum these days.
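To check which layer of an artifact resolution reply is signed and with which algorithm, the question raised in the exchange above, here is an added example that is not part of the original thread and is not F5 code. The sample XML, the entity ID `https://idp.example.com` and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
LAYERS = {"ArtifactResponse": NS["samlp"], "Response": NS["samlp"],
          "Assertion": NS["saml"]}

# Constructed sample (not captured traffic): only the ArtifactResponse is signed.
SAMPLE = """\
<samlp:ArtifactResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_c1" Version="2.0">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod
        Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
  </ds:SignedInfo></ds:Signature>
  <samlp:Response ID="_c2" Version="2.0">
    <saml:Assertion ID="_c3" Version="2.0">
      <saml:Issuer>https://idp.example.com</saml:Issuer>
    </saml:Assertion>
  </samlp:Response>
</samlp:ArtifactResponse>
"""

def signature_report(xml_text):
    """Map each SAML layer present to its SignatureMethod URI, or None if unsigned.
    Reports the declared algorithm only; it does not verify any signature."""
    if "<!DOCTYPE" in xml_text:  # SAML messages never need a DTD
        raise ValueError("DTD not allowed")
    report = {}
    for el in ET.fromstring(xml_text).iter():
        ns, _, local = el.tag[1:].partition("}")
        if LAYERS.get(local) == ns:
            # An enveloped signature is a direct child of the element it signs.
            method = el.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
            report[local] = None if method is None else method.get("Algorithm")
    return report

def sha1_signed(report):
    """Layers whose declared signature algorithm is rsa-sha1."""
    return [layer for layer, alg in report.items() if alg == RSA_SHA1]

if __name__ == "__main__":
    for layer, alg in signature_report(SAMPLE).items():
        print(f"{layer}: {alg or 'unsigned'}")
```

Running it against a decoded ArtifactResponse from a trace shows at a glance whether the IdP signs the outer response, the inner Response, the Assertion, or some combination, which is what has to match the SP-side signature requirements.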
gotten a little further and believe i don't need the "artifact resolution service" in a BIG-IP as SP scenario. but getting stuck on the SP consuming the SAML response after asking for it via the Artifact.
anyone who has some experience to share?
