Forum Discussion

Nimbostratus

Sep 05, 2016

SAML SP Send Username to IDP

Hi, I have a SAML setup in place, SPs and IDPs on the same BIG-IP :) I have the challenge to chain two IDPs after each other from the SP. So if the user hits the service, the SP redirects t...

application delivery

BIG-IP Access Policy Manager (APM)

saml

Henrik_S

Nimbostratus

Sep 05, 2016

If the second iDP is in fact the same BIG-IP as the SP, why can't you just use a logon page to gather the missing password and together with the username provided through assertion or artifact perform an auth against the correct backend?

If not, you would have to get the client to share some information in for example cookies between the SP and iDP instances to be able to track one user between the two, and to leverage the session or table command to push the username between the instances.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)