Forum Discussion

Cirrocumulus

Nov 10, 2022

Smart card authentication (i.e. CAC) and SAML for API Authentication

Just throwing this out there... Considering you want to have systems and processes querying an API and you wanted to implement the BIG-IP as the Identity Provider using SAML but you also have a requ...

application delivery

security

Daniel_Wolf

MVP

Hi JustCooLpOOLe,

the process for a browser is the same as for a service. A client (browser or service) tries to access an API. The SP will redirect the client to the IdP. The IdP (F5 APM) will ask for a client certificate and validate the certificate. The IdP will then issue a SAML token and redirect the client back to the SP. The SP will accept the token.

It think the difference is in the capability of the client to follow the SAML authentication flow. A browser can follow the flow described above for sure. A service might need to be re-programmed.

Whilst, in my personal opinion, using JWT or Opaque tokens are better suited for API authentication or server-to-server authorization than SAML, I don't see a reason why this should not work.

KR
Daniel

JustCooLpOOLe

Cirrocumulus

Nov 10, 2022

Thank you Daniel_Wolf ! I appreciate the feedback.

Forum Discussion

Smart card authentication (i.e. CAC) and SAML for API Authentication

Recent Discussions

Rundeck ansible F5 errors

What is the meaning is 52% block in WAF

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Doing mTLS Authentication per URL

Smart Card Authentication to Citrix StoreFront Using F5 Access Policy Manager

Configuring Smart Card Authentication to BIG-IP Management Interface

Distributed caching of authentication requests with NGINX Ingress Controller