Forum Discussion

Altocumulus

Aug 08, 2025

Solved

SAML F5 SP - Microsoft Entra

Hi, I have an F5 APM currently authenticating users with their sAMAccountname. most of them (more than 7000) don't know their UPN. we need to leverage Microsoft Entra with MFA using SAML F5 acting ...

application delivery

devops

security

Injeyan_Kostas
Aug 08, 2025
you can use this guide https://my.f5.com/manage/s/article/K53313351
You just need to create a new Authentication Redirect Request under Access ›› Federation : OAuth Client / Resource Server : Request and select it in VPE OAuth config
Clone /Common/MSIdentityPlatform2.0AuthRedirectRequest and just add a new parameter with name login_hint and value %{session.ad.last.attr.userPrincipalName}
Should look like this

Altocumulus

Aug 08, 2025

thanks INJEYAN.🙏

I found another way to accomplish this with a single rule...TESTED WITH SUCCESS.

Bypass Azure Login Page by adding a login hint in the SAML Request | DevCentral

I will try your suggestion next week and revert.

thanks a again for your input.

Injeyan_Kostas
Nacreous
Aug 08, 2025
This is exactly what I meant when saying that irule will be needed for SAML login hint
Moreover in 17.1.2 version I don't see a redirect but a hidden payload triggering saml request which will need a more complicated irule.
What version are you running?
- Injeyan_Kostas
  Nacreous
  Aug 09, 2025
  My bad, I was checking a POST SAML instead of a Redirect