Forum Discussion

Nimbostratus

Mar 22, 2016

SAML iDP and per application choise of 1-factor or 2-factor auth.

I've setup an SAML iDP with F5 and it's working without issues, Running on 11.6 software. In the setup there's an access profile that forces all clients to do two-factor authentication when auth...

BIG-IP Access Policy Manager (APM)

saml

security

Yann_Desmarest

Cirrus

Mar 22, 2016

Hello,

In 11.6.0, You should define IDP cascade architecture.

2-factor SP -> IDP2f -> IDP1f

1-factor SP -> IDP1f

This way, you can manage every scenarios. For example, you can browse from a 1factor SP to a 2factor SP without any issue.

I think that providing attributes in the Authrequest is currently not available even in v12.0.0

Matti
Nimbostratus
Mar 31, 2016
Thanks. So it's as I thought and I've to create a new IDP as I outlined in the question as the last resort solution :(

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SAML iDP and per application choise of 1-factor or 2-factor auth.

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

Introducing the F5 Application Study Tool (AST)

SecureAuth 2-Factor STS iApp

System Prerequisites for Deploying the Application Study Tool

Application Study Tool: Make Grafana Listen on HTTPS

Zero Trust Application Access for Federal Agencies

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS