F5 APM SAML SSO

Question

Hi,&nbsp;
I am deploying a POC with F5 APM as reverse proxy and I have to publish internal resources configure with SAML auth.&nbsp;
I did not find any configuration how to configure it.&nbsp;
when I try to configure SAML SSO (in SSO menu, not SAML one), it create local IdP.&nbsp;
I do not want to create a SAML IdP but to authenticate user against existing SAML IdP.&nbsp;
Is it supported or have I to request customer to change internal authentication method?&nbsp;
Regards,&nbsp;
Stanislas&nbsp;

fi_2016_187929 · Answer

Are you trying to configure F5 APM as the Service Provider?  You can configure this by Access Policy - SAML - BIG-IP as SP.&nbsp;
This article provides more information: https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-12-0-0/32.html&nbsp;

stanislas_piro2 · Answer

Hi,&nbsp;
No, internal server (URL : ) is already configured with SAML auth with ADFS.&nbsp;
I now have to configure APM authentication (URL : https://myapp.comany.com, with ADFS auth too), then request a SAML token to ADFS for internal resource (URL : )&nbsp;

keesvandenbos · Answer

Hi Stanislas,&nbsp;
Did you manage to figure out if SSO SAML is working as expected?? (so APM is requesting SAML token an behave of an authenticated user for a SP)&nbsp;
Cheers,&nbsp;
Kees&nbsp;

stanislas_piro2 · Answer

Hi,&nbsp;
No, the customer changed the authentication method on the internal server from SAML to kerberos..&nbsp;
So Now users authenticate with SAML on APM and SSO is set to kerberos.&nbsp;

keesvandenbos · Answer

Hi,&nbsp;
That is unfortunate. My customer has a sharepoint site behind a APM with user/pw login on the APM where the sharepoint site does saml auth. When the access session time's out and a different user uses the browser (without closing it) they are authenticated in sharepoint as the previous user. (with the sharepoint auth cookie) (APM is not aware of the SAML auth to sharepoint)&nbsp;
Kees&nbsp;

Forum Discussion

F5 APM SAML SSO

7 Replies

Recent Discussions

F5Access | MacOS Sonoma

Rewrite uri translation not working

Chrome V 124+ on MacOS - Virtual Server Access Issue

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

APM Cookbook: SAML IdP Chaining

APM Cookbook: AutoLaunch SAML Resources

APM as Saml IDP with many SP

SAML IdP Initiated SSO Denied and Killing Existing Session established through OAuth

SSO