SAML server SSO

Question

Hi,
F5 v12.1.2 works well as SAML SP, but I am not sure how to handle server SSO (so server does not ask user for credentials.)&nbsp;
I understood from other posts, that F5 has to act as IdP for frontend server to handle server SSO which is SP (standard server SSO methods like form based/basic/ntlm cannot be used as F5 has no password). &nbsp;
So should I just create SAML IdP config with some dummy IdP Entity ID (URL) and then use it in SSO configuration + insert box "SSO Credential Mapping" in VPE and configure web frontend to use F5 as SAML IdP?&nbsp;
I guess I need to forward some attributes to web frontend, but I'll hopefully sort out in IdP configuration.&nbsp;
Thanks
Zdenek&nbsp;

daniel_varela · Answer

Hi,
If you are using SAML SP in your APM configuration you have little options to do SSO. This is because you don't have a password to cache.&nbsp;
Probable your best one is to configure Kerberos as you can use KCD to raise tickets on behalf of the client. Maybe the IDP can send you the password in an encrypted attribute and then you can make use of that but in my opinion in don't like password travel around, it breaks the beauty of SAML.&nbsp;

Forum Discussion

SAML server SSO

1 Reply

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

Changes to DO and AS3 GitHub - no longer monitored

How to Verify config before loading to F5

Logical Disk Full to Migrate rSeries

HSL - Local TimeZone - in syslog server

VIP control across data centers - how to ensure only 1 VIP is up at a time?

Related Content

Enable SAML Service Provider on F5 Distributed Cloud Application

SAML IdP Initiated SSO Denied and Killing Existing Session established through OAuth

Enhanced Modern Applications and MicroServices SSO with NGINX

Sharing User Credentials Between SAML IDP and SP Policies in F5 APM

Simplifying OIDC and SSO with the New NGINX Plus R34 OIDC Module

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS