SAML SSO Using Logged In Windows Credentials
Trying to configure our F5 hosted IdP to authenticate clients using their logged in Windows credentials. The SP is an external vendor, we do not need to use Kerberos to authenticate to the application, just trying to use it to get the logged in credentials.
Using 401 Response to get logged in credentials, LDAP Query to get variables, and assigning the SAML Resource at the Full Resource Assign.
The LDAP lookup appears to be working and I can view the account's AD variables in the APM report; however, the SAML assertion is not being sent. I didn't see any SAML references in the logs so I don't know why, although there was an entry for "Could not find SSO domain, check variable assign agent setting".
We do get the following Kerberos references in the logs:
KERBEROS agent: ENTER Function executeInstance
KERBEROS module: ENTER Function authenticateUser
modules/Authentication/Kerberos/KerberosAuthModule.cpp func: "display_status_1()" line: 84 Msg: : GSS-API error gss_accept_sec_context: d0000 : Unspecified GSS failure. Minor code may provide more information
modules/Authentication/Kerberos/KerberosAuthModule.cpp func: "display_status_1()" line: 84 Msg: : GSS-API error gss_accept_sec_context: 186a5 : :
KERBEROS agent: LEAVE Function executeInstance
Executed agent '/Access_Policy_act_kerberos_auth_ag', return value 0
Is what we are trying to do possible? We can get the username from the HTTP 401 Response and set the variables; however, the SAML assertion is not being sent.