Forum Discussion

Nimbostratus

Jul 09, 2014

SAML IdP - Error 504

Hi! When trying to do federated login from ADFS to BigIP as IdP, I am getting a 504 response from the BigIP. Process: 1) I log into my web app, that redirects to ADFS. 2) On the...

application delivery

BIG-IP Access Policy Manager (APM)

Nimbostratus

Jul 09, 2014

OK, solved this on my own :)

APM reports are pretty tight with useful information, however APM logs available in /var/log/apm give an abundance of information.

In my case, these were the hurdles to jump when getting BigIP IdP to play with ADFS 3.0 SP:

1) BigIP External SP Connector:

Security Settings / Authentication Request sent to this device by SP / Will be signed: NO

Security Settings / Assertion sent to SP by this device: Must be signed, or must be encrypted, or both. Certificate settings: use ADFS Token Decrtyption/Encryption certificate

Endpoint Settings / Relay state needs to be filled. https:///adfs/ls/

2) BigIP IdP service - add a UPN claim. ADFS requires it, else it will refuse to work.

3) ADFS Claims Provider trust (advanced): use SHA 1 algorithm for hashing

Hope this helps anybody else on this path...

Regards,

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)