SAML SP ACS Post back resulting in a 404

Hello, I have one application configured to use APM via SAML authentication, the SP & IdP are both running directly on our F5 - this setup is working for many applications only for this one i have...

APM

application delivery

idp

kerberos

saml

security

Cirrus
Jul 28, 2020
Finally solved this topic with the help from F5 Support - thank you so much.

The main issue is that not my whole web app is protected through APM as this would have serious performance impacts, therefore we have defined some protected sites. When hitting any of these URIs APM will be enabled, default is disabled.

And in that code we forgot to also have /saml URI enpoint marked as protected site as this is the SAML SP endpoint after IdP Session was created. Now we come up with that iRule, which is working great for our purpose

when HTTP_REQUEST { # Check the requested HTTP path switch -glob [string tolower [HTTP::path]] { "/saml/*" - "/en/confidential/*" - "/de/confidential/*" - "/confidential/*" { # Enable APM for these paths ACCESS::enable } default { # Disable APM for all other paths ACCESS::disable } } }

Forum Discussion

SAML SP ACS Post back resulting in a 404

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

Reviewing vulnerability scanner results for an APM protected Virtual Server - part two

Enable SAML Service Provider on F5 Distributed Cloud Application

Large payload post requests aren't responding

Post-Breach Analysis: Sophistication and Visibility