For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

OM's avatar
OM
Icon for Altocumulus rankAltocumulus
Aug 08, 2025
Solved

SAML F5 SP - Microsoft Entra

Hi, I have an F5 APM currently authenticating users with their sAMAccountname. most of them (more than 7000) don't know their UPN. we need to leverage Microsoft Entra with MFA using SAML F5 acting ...
application delivery
devops
security
  • Injeyan_Kostas's avatar
    Injeyan_Kostas
    Aug 08, 2025

    you can use this guide https://my.f5.com/manage/s/article/K53313351

    You just need to create a new Authentication Redirect Request under Access  ››  Federation : OAuth Client / Resource Server : Request and select it in VPE OAuth config
    Clone /Common/MSIdentityPlatform2.0AuthRedirectRequest and just add a new parameter with name login_hint and value %{session.ad.last.attr.userPrincipalName}

    Should look like this 

     

Injeyan_Kostas's avatar
Injeyan_Kostas
Icon for Nacreous rankNacreous
Aug 08, 2025

Hello OM​ ,

I have done this yes but with OAuth federation and login_hint.

You can use login_hint with SAML too but you have to append it as parameter in saml redirect which will need some irule as you cannot just add "?login_hint=%{session.ad.last.attr.userPrincipalName}" in SAML SSO Service Url

It will be much easier if you do OAuth federation between F5 and Azure 

You will still use login_hint but with OAuth you can configure it inside OAuth request.

Let me know if you need help configuring OAuth federation