SAML as server-side SSO

Question

Hello,&nbsp;
I'm looking to obtain more information about how to configure an app that is behind APM to use SAML. I believe the app behind the APM would be the SP, with the BIG-IP still performing IdP functions, but hiding most of this from the end user.&nbsp;
This is referring to the ability to choose SAML connectors for SSO in an access policy's Authentication Domain list, shown in the screenshot below:&nbsp;
&nbsp;
The KB seems to be lacking in documentation specifically for this configuration. Would anyone be able to point me in the right direction?&nbsp;
Thanks.
Josh&nbsp;

yann_desmarest · Answer

Hi Josh,&nbsp;
I'm not sure the SAML configuration works the way you want.&nbsp;
When you have a backend application configured as a SAML Service Provider, you have to define your bigip device as an IDP and establish the trust between each peer.&nbsp;
You have to configure the IDP object on the bigip device, import metadata form the SP to build the SP Connector and bind this SP connector to the IDP profile.&nbsp;
Then, you can assign the IDP profile to the SSO options of your Access profile used for F5 as IDP.&nbsp;
Hope it helps&nbsp;
Yann&nbsp;

Forum Discussion

SAML as server-side SSO

Recent Discussions

Diameter iRules attachment?

Source IP F5 DNS Zone Forwarder

F5 BIG-IP

BIG-IP Oauth Client and AS

How to Renew F5 Device Certificate

Related Content

Client-side vs Server-side Load Balancing

Ways to correlate client side and server side connections

Client side to server side SNI relay iRule

SSL Heartbleed server side iRule

Server Side Profile not show the certificate

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS