Forum Discussion

joesnyder_13328's avatar
joesnyder_13328
Icon for Nimbostratus rankNimbostratus
Jun 19, 2014

SAML Idp-Initiated Connections

I am new to the whole SAML thing and have been playing around with it. I have setup my saleforce dev account to work with our BigIp device and it works perfectly. Since I am still super new to this b...
BIG-IP Access Policy Manager (APM)
idp
saml
security
jerebrad_302050's avatar
jerebrad_302050
Icon for Nimbostratus rankNimbostratus
Jan 27, 2017

I was given another solution to this problem by my SE. Its written by Graham at F5 who specializes in SAML. https://devcentral.f5.com/articles/apm-cookbook-autolaunch-saml-resources-21377

 

Here are Graham's comments to our SE regarding the solutions Kunjun and Milkman and why his solution is more complete:

 

"It only handles the access policy completed event so if they later come back to the existing session it will not fire because that event isn’t hit, that’s why mine has two events to cover the two access scenarios. Also it assumes you always want the user redirected to the same SAML resource, what if you have multiple, that’s why mine leverages a switch."

 

The benefit of Graham's solution for me was that with Milkman's I had to lower the timeout threshold, because if you closed the site you accessed through SAML, you couldn't access it again unless the previous session was ended. With Graham's solution you can access it even if the previous session isn't closed. He described that scenario above.