Forum Discussion

Nimbostratus

Nov 13, 2014

SAML Auth with logon page

Hi, We are planning to implement a SAML auth setup for our application on APM where F5 acts as SAML SP and Okta acts as external IDP. I have set up an access policy like Start-->SAML Auth --> On...

BIG-IP Access Policy Manager (APM)

security

Yann_Desmarest

Cirrus

Nov 13, 2014

Hello,

You can't pass attributes in SAMLRequest. You can do it only for SAML Assertion from IDP to SP.

If you insert a logon page before SAML Auth, it should be to achieve the process of IDP discovery ("Bindings" in APM). For example, you can prompt the user to set it's email address so that you can redirect the user to the IDP he belongs to by processing the domain part of the email.

Yann

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

SAML Auth with logon page

Recent Discussions

question about getting hsl data to be formatted properly in splunk

Problem with lets encrypt and redirect after update

where can find silverline ddos protect config guide?

iRule for client certificate verification and inserting CN

Earth Simnavaz

Related Content

Bolt-on Auth with NGINX Plus and F5 Distributed Cloud

Enable SAML Service Provider on F5 Distributed Cloud Application

Getting basic auth prompt before apm logon page event

Insert Basic Auth Header

APM Cookbook: SAML IdP Chaining

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS