SAML question

Question

I am trying to get a SAML setup working and struggling.&nbsp;
Environment is LTM 11.5.1.HF7 on a 10200.&nbsp;
This is a 'BIG-IP as SP' setup. The iDp wants to receive the following URL from the BIG-IP in order to get started. If I paste this into a browser it works fine.&nbsp;
https://myaccess.dmdc.osd.mil/identitymanagement/authenticate.do?gotoUrl=https%3A%2F%2Fmyaccess.dmdc.osd.mil%2Fopensso%2Fidpssoinit%3FmetaAlias%3D%2Fauthorization%26spEntityID%3DHRC-WEB%26binding%3Durn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Abindings%3AHTTP-Artifact&nbsp;
If I use this as the Single Sign On Service Settings under Endpoint Settings it appears that the F5 is somehow trashing this by appending more parameters to it. &nbsp;
The end result is that my session does not initiate properly.&nbsp;
I am a total newbie to SAML. Any advice is appreciated.&nbsp;

boneyard · Answer

from that link it seems the IdP wants to do artifact binding, something BIG-IP as SP doesn't support in the 11.5.1. it is support from 11.6.0, but not for the initial contact I believe.&nbsp;
you should check if your IdP can accept Post or Redirect as a way to start the process.&nbsp;

Forum Discussion

SAML question

1 Reply

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Software Downgrade from version 17.x.x to 15.x.x

Error diskmonitor

CPU utilization of F5OS on r2600

sslprovide (--f5 ssl) does not generate CLIENT/SERVER_TRAFFIC_SECRET on server-side TLS traffic

Hardware replacement i2800 to r2600

Related Content

UCS Encryption Question

Enable SAML Service Provider on F5 Distributed Cloud Application

APM Cookbook: SAML IdP Chaining

SAML - LTM in front of SP

APM Cookbook: AutoLaunch SAML Resources

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS