SAML configuration with LTM exposed app

Question

Dear all,I need to expose an internal web application from my BigIP but I don't want to expose directly the application logon page. The developer said to me that it can support SAML so I was thinking to implement it on my F5. I don't understand what is the best configuration I can use, do I need both IDP and SP configured on the BigIP? Because if I configure it only as IDP the users need to access the application homepage before being redirected to the IDP, am I wrong? &nbsp;Thank you in advance&nbsp;Luca

dave_w · Answer

Hello Luca, this depends. In this use case it does sound like APM would be the SP. You could have the APM be both the IdP and SP (or use an external IdP). Regarding your last question, no, typically SAML can be SP or IdP initiated. So they could go to the App (SP) first or the IdP first.

Here is some more info:

https://www.youtube.com/watch?v=WdRJZ5BnZug

https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-12-1-0/29.html

https://techdocs.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-11-5-0/30.html

Forum Discussion

SAML configuration with LTM exposed app

Recent Discussions

Statistics ›› Analytics : HTTP : Overview

VS FORWARDING & ROUTE

Diameter iRules attachment?

Source IP F5 DNS Zone Forwarder

F5 BIG-IP

Related Content

Copilot’s Weakness, DeepSeek Data exposed, Backdoor in Contec CMS8000 & Apple's Zero-Day

Protect an application exposed on Internet with F5 XC WAAP

Enable SAML Service Provider on F5 Distributed Cloud Application

Configuration Example: BIG-IP APM as SAML IdP for Amazon Web Services

F5 BIG-IP Advanced WAF – DOS profile configuration options.

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS