Auth.test.com -> OAuth server + SAML SP - to get a OAuth token you needed a SAML ID
this worked well until I realised some of the redirects where actually posts and you needed a function javascript engine to process them !
I went about changing the ARS on the IDP to redirect with authentication and setup a ACS to talk to it
so login -> SAML IDP + SAML ARS (artifact server)
auth -> OAuth + SAML SP + SAML ACS (artifact comsumer service .. basically - my understanding it make an out of band call to login - so it doesn't go via the browser)
all working good except for the ACS -> ARS call. I can see the request making it to login, I have an irule to capture the post but the VS is terminating the link tcp rst.
No logging in APM or LTM logs I have debug turned on for access profile and SSO doesn't help.
Any one got it working ? Any one got any ideas on how to debug the next step
which is strange, working with F5 support team they reacon i have hit a bug - i had it attached to my https VS and had a ssl client profile. they suggested to create a new vs and add a pool. instead I attached my ars to my http VS. its almost like the VS doesn't recognise the call as a SAML.
THinking out loud - maybe because I don't have the APM profile attached to the http VS.
So setup a pool and reverse proxy it from the http to the https vs
I have done a tcpdump and I can see a rst - but nothing in the rst logs
interesting I can see the request making it to VS - i have a IRULE that captures the request and logs it !
I have tried using that post and hand crafting it with curl and sending it manually - again I can see the request coming in but noting back
As you said, it's been the holidays. Just dropping a note to make sure @Scot_JC saw your follow-up. Are you still experiencing the issue then, @AlexS_yb?
