SAML server SSO

Question

Hi,
F5 v12.1.2 works well as SAML SP, but I am not sure how to handle server SSO (so server does not ask user for credentials.)&nbsp;
I understood from other posts, that F5 has to act as IdP for frontend server to handle server SSO which is SP (standard server SSO methods like form based/basic/ntlm cannot be used as F5 has no password). &nbsp;
So should I just create SAML IdP config with some dummy IdP Entity ID (URL) and then use it in SSO configuration + insert box "SSO Credential Mapping" in VPE and configure web frontend to use F5 as SAML IdP?&nbsp;
I guess I need to forward some attributes to web frontend, but I'll hopefully sort out in IdP configuration.&nbsp;
Thanks
Zdenek&nbsp;

daniel_varela · Answer

Hi,
If you are using SAML SP in your APM configuration you have little options to do SSO. This is because you don't have a password to cache.&nbsp;
Probable your best one is to configure Kerberos as you can use KCD to raise tickets on behalf of the client. Maybe the IDP can send you the password in an encrypted attribute and then you can make use of that but in my opinion in don't like password travel around, it breaks the beauty of SAML.&nbsp;

Forum Discussion

SAML server SSO

Recent Discussions

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

AS3 Limitations

Unable to install firmware OS and drop at 10%

Statistics ›› Analytics : HTTP : Overview

Related Content

Enable SAML Service Provider on F5 Distributed Cloud Application

SAML IdP Initiated SSO Denied and Killing Existing Session established through OAuth

Enhanced Modern Applications and MicroServices SSO with NGINX

Secure Modern Applications and MicroServices SSO with NGINX

SAML SLO Error

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS