For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

EM's avatar
EM
Icon for Nimbostratus rankNimbostratus
Sep 05, 2016

SAML SP Send Username to IDP

Hi,   I have a SAML setup in place, SPs and IDPs on the same BIG-IP :)   I have the challenge to chain two IDPs after each other from the SP. So if the user hits the service, the SP redirects t...
Henrik_S's avatar
Henrik_S
Icon for Nimbostratus rankNimbostratus
Sep 05, 2016

If the second iDP is in fact the same BIG-IP as the SP, why can't you just use a logon page to gather the missing password and together with the username provided through assertion or artifact perform an auth against the correct backend?

 

If not, you would have to get the client to share some information in for example cookies between the SP and iDP instances to be able to track one user between the two, and to leverage the session or table command to push the username between the instances.