huntercb_174607
Jan 03, 2018

SAML SP support for Azure domain hinting?

Hi all.

One of my virtual servers is currently acting as an SP for Azure, and works, but I am trying to add some additional functionality to make the login experience a little bit more streamlined.

I have been trying to determine if APM supports domain hinting in the SAML AuthN request that can then be used by Azure to bypass the initial login page. The idea is to go straight to our company's branded IdP Azure service, instead of having to perform realm discovery.

According to the Azure documentation, the SAML attributes I need are specified below, but I see no way to add them to the IdP connector.


      
          
      

12.1.2 is currently installed on this box.

Does anyone know if this is possible?

2 Replies

  • Hello,

    Yes, it is possible to play the HINT (I have tried only static hints).

    Go to "Access > Federation > SAML Service Provider > External IDP Connectors", select your IDP and Edit the "Single Sign On Service Settings".

    Then set your hint at the end of the following URL:

    "https://login.microsoftonline.com/xxxxxxxxxxxxx/saml2/?login_hint=generic@domain.com"

    Regards

    Jad

    • Jad_Tabbara__J1

      Hello,

      You can now use the following code to make the Azure hinting.

      https://devcentral.f5.com/s/articles/Bypass-Azure-Login-Page-by-adding-a-login-hint-in-the-SAML-Request?page=1

      You can also adapt the code if you want to make "Domain" hinting and not "email address" hinting.

      Regards

      Jad