Forum Discussion
SWAMYR_255150
Nimbostratus
NimbostratusUsing F5 as SAML 2.0 IDP
Hi,
Can we configure SAML 2.0 IDP in F5/BIG-IP to use IBM Tivoli Directory Service (TDS) for authentication instead of active directory? Please advise.
Thanks,
Raj.
Yann_Desmarest_
Nacreous
NacreousHello,
The IBM product is just an LDAP server, so you can bind your F5 system to that product. But it's not related to SAML.
If you talk about the just-in-time provisioning feature, I think you need IBM FIM also. This way, you can define the F5 system as an IDP with APM module and configure an IDP initiated SSO
Yann_Desmarest_Nacreous
NacreousHello,
Yes you can do it. Just degine IBM TDS as a LDAP Server and add "LDAP auth" block in your authentication workflow on the IDP (also defined on F5). Then, you can pass attributes like email, upn, etc. to the Service Provider
