SWAMYR_255150
Nimbostratus
Mar 18, 2016
Using F5 as SAML 2.0 IDP
Hi,
Can we configure SAML 2.0 IDP in F5/BIG-IP to use IBM Tivoli Directory Service (TDS) for authentication instead of Active Directory? Please advise.
Thanks,
Raj.
Yann_Desmarest
Cirrus
Mar 21, 2016
Hello,
The IBM product is just an LDAP server, so you can bind your F5 system to that product. But it's not related to SAML.
If you are talking about the just-in-time provisioning feature, I think you also need IBM FIM. This way, you can define the F5 system as an IDP with the APM module and configure an IDP-initiated SSO.
- SWAMYR_255150
  Nimbostratus
  Mar 21, 2016
  Hi, Thanks for the reply. I am new to this SAML domain. I believe I didn't ask the question clearly. I have seen some articles talking about defining F5 system as an IDP with APM module. The configuration talks about F5 using Microsoft's Active Directory for authenticating the users and then IDP passing the user attributes in a token to the Service Providers (SP). My question is, can F5 (with APM module) use Tivoli Directory Service (TDS) instead of Active Directory for authentication and then IDP passing the user attributes in a token to the Service Provider (SP)? Thanks, Raj.
- Yann_Desmarest
  Cirrus
  Mar 21, 2016
  Hello, Yes you can do it. Just define IBM TDS as an LDAP Server and add an "LDAP auth" block in your authentication workflow on the IDP (also defined on F5). Then, you can pass attributes like email, upn, etc. to the Service Provider.