Forum Discussion

joesnyder_13328's avatar
joesnyder_13328
Icon for Nimbostratus rankNimbostratus
Jun 19, 2014

SAML Idp-Initiated Connections

I am new to the whole SAML thing and have been playing around with it. I have setup my saleforce dev account to work with our BigIp device and it works perfectly. Since I am still super new to this b...
BIG-IP Access Policy Manager (APM)
idp
saml
security
MiLK_MaN's avatar
MiLK_MaN
Icon for Nimbostratus rankNimbostratus

This iRule should work for both SP initiated and IdP initiated SAML IdP scenarios:

when ACCESS_POLICY_COMPLETED {
    if { [ACCESS::session data get session.server.landinguri] == "/saml/idp/profile/redirectorpost/sso" } { 
        log local0. "SP initiated SAML detected, not sending redirect"
    } else {
        ACCESS::respond 302 Location "/saml/idp/res?id=[ACCESS::session data get session.assigned.resources.saml]"
        log local0. "IDP initiated SAML detected, sending redirect"
    }
}
jerebrad_302050's avatar
jerebrad_302050
Icon for Nimbostratus rankNimbostratus
Jan 26, 2017

This worked for me. Just add this iRule to the VIP and not in the Access Policy VPE.