For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

jaiAdityaSingla's avatar
jaiAdityaSingla
Icon for Nimbostratus rankNimbostratus
Oct 31, 2016

SAML for o365, google apps and cloud proxy

I m looking for solution like Idp chaining, to do sso for o365, google apps and zscaler. Since all SP requires different context.   Please assist ASAP   Please Refer some blogs/ deployment gu...
BIG-IP
BIG-IP Access Policy Manager (APM)
security
jzimm_253086's avatar
jzimm_253086
Icon for Nimbostratus rankNimbostratus
Nov 01, 2016

HI

 

I also have similar setup currently I have 3 x F5 APM IDP's with Google apps, Office365 and Zscaler on 3 seperate vips/apm policies all three use the same back end AAA AD object and are currently SP initiated only.

 

the SAML assertions from all three services as as far as I'm aware/have setup all have differing requirements for the SAML Subject field, Google=email, Office365=UPN, Zscaler=sAMAccountname, and are not changable on the SP side.

 

I have read the above recommended guide and wanted to clarify/ask if is possible to have these 3 SAML assertion subject fields somehow re-produced/recreated by a single F5 IDP object.

 

i also have read the F5 IDP chaining to external IDP guide here: https://devcentral.f5.com/s/articles/apm-cookbook-saml-idp-chaining

 

Im thinking perhaps also chaining the three F5 IDP's together may produce the desired result as well by recreating the SAML assertion between the 3 IDP's

 

All these IDP vips/policies exist on the same device which is a HA pair of appliance BIG-IP's

 

Thanks

 

Jzimm