Forum Discussion
Using SAML for login vs F5 Login Page, but need the password for SSO profiles
Hi Michael,
I have the same requirement. My IdP is on premise and I am able to send the password attribute in SAML assertion to F5 IdP but cant pass it to the backend app that requires NTLM/forms authentication. The question is how do I extract the password from the attribute and use it as session.logon.last.password? Tried to work with this iRule but didnt work.
when ACCESS_ACL_ALLOWED {
set username [ACCESS::session data get session.saml.last.identity]
set password [b64decode [ACCESS::session data get session.saml.last.attr.name.password]]
}
when ACCESS_SESSION_STARTED {
if { [ info exists username ] } {
ACCESS::session data set session.logon.last.username $username
}
if { [info exists password] } {
ACCESS::session data set secure session.logon.last.password $password
}
}
My policy looks like this:
Start --> SAML Auth --> SSO Credential Mapping.
Hey Pushpendu, This is not possible the attribute "login.last.password" does not get populated when SAML is used as it does defeat the reason to use SAML auth.
The only way to accomplish this would be to use forms based via f5 page then add a SSO profile to each application in the portal passing the username and password for the different types of authentication required by the individual apps.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com