A few months back VMware announced a joint collaborative effort on delivering even more applications to their Workspace One suite utilizing F5 BIG-IP APM to act as an authentication translator from SAML to legacy Kerberos and header-based web applications.
How does it work? VMware Workspace ONE acts as an identity provider (IDP) that provides SSO access to cloud, mobile and SAML applications. F5 BIG-IP APM extends that functionality and as a service provider (SP) to Workspace ONE for Kerberos and header-based web applications. BIG-IP APM can take in a user’s SSO authentication credential (SAML assertion) from Workspace ONE and authenticate as that user into BIG-IP APM. Once the Authentication is completed BIG-IP APM will create a Kerberos Constrained Delegation (KCD) or header-based authentication using the user’s Realm (Domain). BIG-IP APM will then pass the authentication token to the legacy web application on behalf of the user. This will prevent the pop-up login dialog boxes from appearing and providing a seamless authentication from Workspace ONE to the legacy web application.
BIG-IP can provide intelligent traffic management, high availability, secure SSL access through bridging or offloading, and monitoring using BIG-IP Local Traffic Manager (LTM) and BIG-IP DNS (Formerly BIG-IP GTM). BIG-IP's Access Policy Manager (APM) can also provide secure access to the apps and resources accessible through the Workspace ONE portal.