Saml SSO 4 SP with same IDP

Question

My Big IP As SP 
I have 4 VS configured with APM saml SSO 
Every VS configured with Saml SP Services 
all the SP services bind to same IDP connector
when USER accept in APM they can move to another VIP and when a client in another VS click to start SSO 
they automatically authorized because Because he made an identification with saml 
I can solve this issue with some way

youssef1 · Answer

Hi Igor.&nbsp;
Can you explain what is your issue. And what's you need exactly?&nbsp;
Regards &nbsp;

igorzhuk · Answer

Hi Youssef 
I have 4 VS on my F5 
All VS configured with SSO saml authentication with same IDP 
when I connect to VS after authentication I permit to MYAPP&nbsp;
after I go to my other VS in the same session I try to Join MYAPP2 I don't need authentication with IDP because I don't do logout from MYAPP &nbsp;

youssef1 · Answer

Hi Igor.&nbsp;
In fact it's a normal behaviour. You have 4 Service provider bind to the same IDP (authentication federation).&nbsp;
According to the timeout that you set on your IDP, all SP don't need authentication while IDP session is still alive.&nbsp;
So the behaviour that you indicate is normal and wanted in this kind of architecture.&nbsp;
But If I understand, you want that user have to re-authenticate for each application? In this case why thou federated authentication? &nbsp;
Regards&nbsp;

Forum Discussion

Saml SSO 4 SP with same IDP

Recent Discussions

F5-SDK Get GTM Pool Server, Virtual Server, Unused Objects, and JSON Conversion for Data Processing

F5 DNS Generic Host

How do I create a traffic log for two different route domains?

Http / https health monitor issue

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Related Content

Enable SAML Service Provider on F5 Distributed Cloud Application

APM Cookbook: SAML IdP Chaining

SAML SLO Error

APM Cookbook: AutoLaunch SAML Resources

APM SAML IdP - SP Issuer Extraction

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS