Forum Discussion
Chris_Phillips2
Nimbostratus
NimbostratusSo, What about SAML2 and attribute release?
Been using F5's since the early 2000's and am in the identity side of the house, specifically around SAML2 and Federation aspects.
While I understand that the APM cannot perform federation elements, I'm interested in understanding how attributes about an identity are passed to the downstream resources.
We use a number of reverse proxy techniques now that populate HTTP headers with attributes and am wondering if that is the same thing that APM will do.
Anyone care to comment?
Thanks!
Chris.
7 Replies
Chris_Phillips2hmmm 5 days gone by, no answer...anyone?
N_65943I am also looking for something similar.
Using LTM/APM/ASM as a secure reverse proxy and interested about Federation Services, which I know isn't there.
The main requirement is to "collapse" infrastructure and use APM as the central point of authenticaton.
As a side note - also looking for ideas about authenticating where XML is required to call the back end authentication services.
I heard 10.2 will have new XML features...- N_65943no response...
- Chris_Phillips2Sorry 'N', I agree, no response either.
Collapsing down to just APM from my perspective is a bit short sighted as there is a lot more involved in dealing with attribute release (e.g. retrieve them over an XML SAML2 response.
It would kick ass if the APM environment could respond to downstream services requests either through stuffing attributes in the header OR responding to SAML2 requests for attributes for an approved APM session.
It seems like a half solution to just use APM so far. - Hey guys... SAML2 is definitely interesting... can you guys elaborate on the use cases for SAML2?
For example, on the "service provider" side and/or "identity provider" side (as defined by the SAML guys...)
Thanks,
Andy 
Minn_62043Cirrostratus
I couldn't find the support for SAML in the manual. [http://bit.ly/cCrysN]. It does have support for HTTP Authentication methods (Basic, NTLM, Form-based] and "Oracle Access Manager".
Juerg_WiesmannHi Chris,
Just got this Post. So I might be a bit late to answer.
No SAML is not on the supported feature list right now. Even I found a lot of need to support Federations. We see this more and more important. Insurance Companys for instance sell there Contracts through Agents. These Agents are selling different Solutions from different Insurance Companys. Thats why they built a "Organisation of Interest" called igB2B www.igb2b.ch to handle this interface. Sorry the Website is not in English.This organisation will also act as an IDP.
The more I think about this I think we might be able to read out SAML Tokens from the IDP and use the information out of it to allow / disallow access to objects or applications.
Would maybee need an iRule and APM aproach.
Kind Regards
Wiesmann
