Forum Discussion
SAML IdP - Error 504
Hi!
When trying to do federated login from ADFS to BigIP as IdP, I am getting a 504 response from the BigIP.
Process:
1) I log into my web app, that redirects to ADFS.
2) On the ADFS, I choose the Home realm (BigIP)
3) Redirect to BigIP /saml/idp/profile/redirectorpost/sso
4) Redirect to BigIP /my.policy
5) Log in, I see AD login successful and session variables assigned.
6) Response from my.policy carries a POST form.
7) POST request submitted to BigIP /saml/idp/profile/redirectorpost/sso
-- response is 504 with no content.
I am new to APM, so I may not really know where exactly to look; however, browsing both APM reports and System logs turned up nothing useful or indicative.
1 Reply
- Ziga_Jakhel_139
Nimbostratus
OK, solved this on my own :)
APM reports are pretty tight with useful information; however, the APM logs available in /var/log/apm give an abundance of information.
In my case, these were the hurdles to jump when getting BigIP IdP to play with ADFS 3.0 SP:
1) BigIP External SP Connector:
Security Settings / Authentication Request sent to this device by SP / Will be signed: NO
Security Settings / Assertion sent to SP by this device: Must be signed, or must be encrypted, or both. Certificate settings: use ADFS Token Decryption/Encryption certificate
Endpoint Settings / Relay state needs to be filled. https:///adfs/ls/
2) BigIP IdP service - add a UPN claim. ADFS requires it, else it will refuse to work.
3) ADFS Claims Provider trust (advanced): use SHA-1 algorithm for hashing
Hope this helps anybody else on this path...
Regards,
Z
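The three requirements listed in the reply above (assertion signed or encrypted, a UPN claim present, signature algorithm matching what the ADFS claims provider trust expects) can be checked against a captured SAML response before it is sent to ADFS. This is an added example, not part of the original reply and not F5 or ADFS code; the function names, the UPN attribute `Name` URI and the sample response are assumptions constructed for illustration, and the check is structural only (it does not verify the signature cryptographically).

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Assumption: the IdP emits the UPN under the standard ADFS claim-type URI.
UPN_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"

def check_response(xml_text, expected_sig_alg=RSA_SHA1):
    """Return a list of findings; an empty list means every check passed."""
    # Only parse responses you captured yourself; use defusedxml for untrusted XML.
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        # An EncryptedAssertion cannot be inspected without the SP's private key.
        encrypted = root.find("saml:EncryptedAssertion", NS)
        return [] if encrypted is not None else ["no Assertion or EncryptedAssertion found"]
    findings = []
    sig = assertion.find("ds:Signature", NS)
    if sig is None:
        findings.append("assertion is neither signed nor encrypted")
    else:
        method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
        alg = method.get("Algorithm") if method is not None else None
        if alg != expected_sig_alg:
            findings.append(f"signature algorithm {alg} != {expected_sig_alg}")
    attrs = assertion.findall("saml:AttributeStatement/saml:Attribute", NS)
    if UPN_CLAIM not in {a.get("Name") for a in attrs}:
        findings.append("UPN claim attribute missing")
    return findings

def build_sample(sig_alg=RSA_SHA1, with_upn=True):
    """Constructed sample response (signature element is a stub, not a real signature)."""
    sig = (f'<ds:Signature xmlns:ds="{NS["ds"]}"><ds:SignedInfo>'
           f'<ds:SignatureMethod Algorithm="{sig_alg}"/>'
           '</ds:SignedInfo></ds:Signature>') if sig_alg else ""
    upn = (f'<saml:AttributeStatement><saml:Attribute Name="{UPN_CLAIM}">'
           '<saml:AttributeValue>user@example.test</saml:AttributeValue>'
           '</saml:Attribute></saml:AttributeStatement>') if with_upn else ""
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
            f'<saml:Assertion>{sig}{upn}</saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    print(check_response(build_sample(sig_alg=None, with_upn=False)))
```

Pass a different `expected_sig_alg` if the ADFS claims provider trust is configured for another hash algorithm.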