On March 6th, 2014, Microsoft has officially announced support for SAML 2.0 federation, in addition to their existing WS-Fededation and WS-Trust support. This is really exciting news for both Microsoft’s and F5’s new and existing customers.
For over 3 years now, F5 Access Policy Manager(APM) has been used to provide secure remote access into various Exchange environments, which accelerated dramatically at the end of 2012 after Microsoft announced End-of-Life for their Threat Management Gateway(TMG) product. We have also been very successful in providing similar services for Sharepoint environments as well.
As the adoption rate of cloud and SaaS applications has increased, the popularity of Office 365 among customers has began to grow drastically over the last couple years.
In addition to supporting Office 365 federation using WS-Fed and WS-Trust protocols, Microsoft has introduce support for SAML 2.0 federation back in the 2012 and published an article about how to configure Shibboleth as the SAML Identity Provider for Office 365. With the F5 BIG-IP release 11.3.0 in November 2012, F5 BIG-IP Access Policy Manager because a full-fledged SAML 2.0 Identity Provider and Service Provider, and, our SAML 2.0 integration has been working flawlessly since then.
Unfortunately, until today, Microsoft’s support for other SAML 2.0 Identity Providers wasn’t provided, and some F5 customers have hesitated to implement F5 APM for federating user identity and acting as SAML Identity Provider for Office 365. However, quite a few happy customers went ahead and deployed APM as Identity Provider for Office 365, as well as other cloud applications using SAML 2.0. As you can imagine, such smooth and pervasive adoption would have not been possible if the integration wasn’t extremely robust from both vendor sides and required little to no support calls with respect to the federation setup. Customers can even setup APM to perform seamless NTLM or Kerberos-based authentication to the SAML Identity Provider services in order to provide best possible user experience for domain-joined endpoints.
With Microsoft officially supporting SAML 2.0 Identity Providers for Office 365, now is the great time to learn more about F5 SAML capabilities and give F5 BIG-IP APM a try as your trusty SAML 2.0 Identity and Service Provider.