Forum Discussion
SAML Auth with logon page
Unfortunately, there was no reference material, just good ole trial and error... Here are some steps we went through. Just keep in mind that you need to use Kerberos for your backend authentication. Good luck.
SAML with OKTA

1. Create a new URL to be used. (e.g. https://host.domain.com/sp)
2. Configure the DNS record
3. OKTA side: Configure OKTA setting and export metadata
4. On F5, go to Access Policy | SAML | BigIP as SP, and create a new iDP object using the metadata from step 3
5. Browse for the Metadata file and select a name (something descriptive to what service it will be used for; e.g., OKTA_SERVICE-iDP)
6. Under the Assertion settings, change the Identity Locations to “Attribute” and type in “upn”
7. Once created, go to Access Policy | SAML | BigIP as SP and for Local SP Service click Create
8. Select a name for the SP Service (something descriptive to what service it will be used for; e.g., OKTA_SERVICE-SP). For the Entity ID, enter the URL provided in step 1 above (https://host.domain.com/sp)
9. After creating the Local SP Service, highlight the SP service just created and select “Bind/Unbind iDP connector”
10. Click “Add New Row”, and choose the SAML IdP Connector and choose update
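
A troubleshooting check for steps 6 and 8, added here as an example and not part of the original post: it inspects an already-decoded assertion for the `upn` attribute and for an audience matching the SP Entity ID. The function name `check_assertion`, the sample assertion and the user@realm format test are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not captured from a real IdP); signature omitted.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://host.domain.com/sp</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="upn">
      <saml:AttributeValue>jdoe@domain.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, sp_entity_id, identity_attr="upn"):
    """Return a list of problems found in a decoded assertion (empty = OK).

    Debugging aid only: it does not verify the XML signature or validity window.
    """
    root = ET.fromstring(xml_text)
    problems = []

    # Step 8: the audience must be the Entity ID entered for the Local SP Service.
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if sp_entity_id not in audiences:
        problems.append(f"audience {audiences} does not include {sp_entity_id}")

    # Step 6: the identity is read from an attribute; the name match is case-sensitive.
    values = [
        v.text.strip()
        for attr in root.iterfind(".//saml:Attribute", NS)
        if attr.get("Name") == identity_attr
        for v in attr.iterfind("saml:AttributeValue", NS)
        if v.text
    ]
    if not values:
        problems.append(f"attribute '{identity_attr}' missing or empty")
    elif len(values) > 1:
        problems.append(f"attribute '{identity_attr}' has {len(values)} values")
    elif values[0].count("@") != 1 or "" in values[0].split("@"):
        problems.append(f"'{values[0]}' is not in user@realm form")
    return problems
```
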