Forum Discussion

Nimbostratus

Nov 18, 2015

SAML IdP logon page to pass email address to SP

I created a logon page which uses username and password to authenticate the user with AD but the SP is requesting the users email address in the SAML assertion. If I set the IdP service Assertion Sub...

application delivery

BIG-IP Access Policy Manager (APM)

saml assertion

Walter_Kacynski

Cirrostratus

Nov 18, 2015

You must use the AD Query agent in the VPE. If you do not specify any attribute for selection, ALL attributes are return from AD for that user. For memory and performance reasons, I would suggest that you explicitly code which attributes that you want to store in the users' session.

In my SAML uses, I usually have the entity id set as unspecified. I guess this depends on what you SP is expecting.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

SAML IdP logon page to pass email address to SP

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

SkyNet Is Coming For Email First... Thankfully!

Certificate Expiry Email alert configuration

ASM ser input type email doesn't allow valid emails

CSV to Address External Datagroup File

Office 365 Logon Enhancement – Username Capture

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS