Forum Discussion
Using APM as a SAML IdP no SSO portal
Try this.
https://devcentral.f5.com/questions/saml-idp-initiated-connections Worked a treat for me.
I've used this as the basis for a common SAML IDP-initiated launch pad, as we also didn't want the webtop to display either and wanted IDP-initiated SAML to act in the same way as SP-initiated SAML assertions and not display a webtop.
To use as a common launch point, we provide our users with a launch URL, i.e. http://samllaunch.idp.example.com?SPNAME, then convert this to a session variable via an iRule; then, along with LDAP authentication to ensure the user is allowed access to the resource, assign the resource and the SAML assertion.
Used in conjunction with the iRule, we can use this to launch multiple IDP-initiated assertions without displaying a webtop. Note: you still have to set up and assign the resources in the normal way (i.e. assign a webtop and the SAML resource based on your criteria) for this to work. It's just your webtop never gets displayed. Hope this is useful info.
Cheers
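A sketch of the kind of iRule the post above describes, added here as an example and not the poster's own code: it copies the SP name from the launch URL's query string into a session variable, but only after checking it against an allow-list, since the query string is user-controlled and decides which SAML resource the access policy assigns. The session variable name `session.custom.saml.spname`, the SP names, and the `none` fallback value are assumptions.

```tcl
# Added example (not from the original post).
# Assumed names: session.custom.saml.spname, the entries in allowed_sps,
# and the "none" fallback value.
when ACCESS_SESSION_STARTED {
    # Launch URL form from the post: http://samllaunch.idp.example.com?SPNAME
    # The whole query string is treated as the SP name.
    set sp_name [string tolower [URI::decode [HTTP::query]]]

    # Constructed allow-list of SP names that have a SAML resource configured.
    set allowed_sps {spone sptwo spthree}

    if { [lsearch -exact $allowed_sps $sp_name] >= 0 } {
        # Known SP: expose it to the access policy, which can branch on
        # this variable after LDAP authentication to assign the resource.
        ACCESS::session data set session.custom.saml.spname $sp_name
    } else {
        # Unknown or missing SP: store a fixed value rather than the raw
        # input, so the policy can send the session to a deny ending.
        ACCESS::session data set session.custom.saml.spname "none"
        log local0.warning "SAML launch rejected: unrecognised SP name from [IP::client_addr]"
    }
}
```

The access policy still has to authorise the user for the chosen SP (the LDAP check the post mentions); the allow-list only keeps arbitrary input out of the session variable.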
