Forum Discussion

FI_2016_187929's avatar
FI_2016_187929
Icon for Nimbostratus rankNimbostratus
Mar 06, 2015

SAML SSO Using Logged In Windows Credentials

Trying to configure our F5 hosted IdP to authenticate clients using their logged in Windows credentials. The SP is an external vendor, we do not need to use Kerberos to authenticate to the applicati...
BIG-IP Access Policy Manager (APM)
saml
security
SSO
Michael_Koyfma1's avatar
Michael_Koyfma1
Icon for Cirrus rankCirrus
Mar 06, 2015

Frank,

 

What you're trying to do is definitely possible and has been done quite a number of times. It's unclear right now if any of the issues/errors you're mentioning are benign or not. What is your end goal? Does your IDP serve only a single SP, or are there multiple SPs in the future? The way it should work is you should be going to SP, which will send users to the IDP with AuthN request, and then it will run through the Access Policy, perform seamless transparent authentication and issue SAML assertion in the response.

 

You should also turn on APM logs, including SSO to debug mode to see everything that is happening. And last, but not least, SSO Credential Mapping agent should not be necessary in your case.