APM Cookbook: AutoLaunch SAML Resources
Introduction
After the SAML labs at Agility I got a lot of questions about how to automatically launch SAML resources and skip the webtop, and I promised I'd write it up for you. If you haven't be...
Published Aug 10, 2016
Version 1.0
Graham_Alderso1
Employee
EmployeeGraham_Alderso1Employee
Employee
Graham_Alderso1Employee
EmployeeJuan,
You're in luck, that is already default behavior! In SP initiated the user is sent directly back to the SP with the assertion following policy completion (authentication), they do not see a webtop. It knows what SAML resource to use because it can match the incoming SP initiated authentication request up to the assigned SAML resources.
If you see a webtop when attempting SP initiated, but IdP initiated auth works when the user clicks the webtop link, then there is a misconfiguration at the SP. It's not the IdP configuration because it can successfully perform IdP initiated auth. The SP misconfiguration results in F5 not identifying the request as SP initiated authentication request, so it just shows the webtop. The most common cause is the SP is not redirecting the user to the correct URI (/saml/idp/profile/redirectorpost/sso) or the SAML AuthN request is malformed/not present.