Forum Discussion

Nimbostratus

Nov 12, 2013

SAML SSO Without a Webtop

The F5 is the SAML IDP for an external cloud based service. I am working on setting up and testing this on a webtop. Is it possible to not have to use a webtop? For example, setup an internal DNS rec...

availability

BIG-IP Access Policy Manager (APM)

Employee

Oct 08, 2015

Normally an IdP-initiated connection from the webtop opens another tab in the browser, which leaves the webtop accessible. In the iRule you're essentially replacing the IdP webtop tab with the call to the SP and I'm still mostly convinced that since it never technically gets to the allow block, a new access request simply causes the existing to be overwritten.

The MRHSession and LastMRH_Session cookies seem to get overwritten when I hit the virtual again with the second URL

Can you elaborate on this?

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SAML SSO Without a Webtop

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Cisco TACACS+ Config on ISE LTM Pair

How can I get started with iCall

Checking for X-Forwarded-For against an Address Data-Group

SSL Bridging and FQDN rewrite Policy

iRule causing requests to be duplicated (sometimes)

Related Content

Creating a SSL VPN Using F5 Full Webtop

SAML - LTM in front of SP

APM Cookbook: AutoLaunch SAML Resources

Enable SAML Service Provider on F5 Distributed Cloud Application

SAML F5 SP - Microsoft Entra

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS