Forum Discussion

Nimbostratus

Jan 02, 2014

SAML SP post binding to IdP

Hey all, I am currently investigating the capabilities of integrating the BigIP as an SP with an external IdP (shibboleth). I am providing a login page on the BigIP with an access policy that falls b...

saml

Kevin_Stewart

Employee

Jan 03, 2014

So in my APM policy I would remove the login page and make the SAML auth the first item in my policy then?

Yes. The SP will send the client a physical redirect (via 302 or auto-posted form) to the IdP for authentication. You could potentially subvert that redirect and force the client back to an APM VIP, and then POST those credentials to a remote IdP, but it would not be a trivial configuration.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)