cancel
Showing results for 
Search instead for 
Did you mean: 

SAML SSO Behavior with F5 APM with multiple SSO enabled Service Providers (Applications) in a SP initiated SAML SSO

Sarthak_Mohant1
Nimbostratus
Nimbostratus

I would like to know the behavior in case of a scenario where multiple SSO enabled Service Providers (Applications) are used with F5 APM in a SP initiated SAML SSO.

 

1) There are several applications (Let's say 5) which have separate source endpoints are configured as service providers under F5 APM federation section under External SAML Service Provider connectors and binded/ mapped with a local IdP Service.

2) This is a scenario of SP initiated SAML SSO, where users are trying to access different SSO enabled application endpoints and are getting redirected to the IdP Portal as part of SAML SSO, based upon their authentication request. (SAML Authn Request)

3) When a unique user tries to access it's 1st SSO enabled application URL, it redirects to SSO IdP portal & logs into it with the required credentials and entered into the 1st application landing page & in this case an access session is created and still active.

4) While it's active, the same user tries to access 2nd SSO enabled application URL.

 

In this scenario, what's the standard behavior of F5 APM SAML SSO Federation.

 

a) As the access session is active, whether the user will be allowed directly to log into 2nd SSO enabled application & gets into the landing or welcome page within the application based on application's behavior without creating another access session, utilize same session and thus not prompting for credentials under SSO IdP site as per SSO mechanism.

 

OR

 

b) It'll still generate another access session and prompt user to log into SSO IdP portal once again to log into 2nd SSO enabled application based upon SAML Authn Request. (if this is the behavior, it'll defeat the purpose of SSO)

 

If the behavior is b), is there a way to overcome this and achieve a) based upon the scenario I mentioned above. Thanks for your time in advance in looking at this query & responding.

0 REPLIES 0